{"id":"CVE-2024-8006","details":"Remote packet capture support is disabled by default in libpcap.  When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex().  One of the function arguments can be a filesystem path, which normally means a directory with input data files.  When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.","modified":"2026-03-20T12:40:19.587936Z","published":"2024-08-31T00:15:05.743Z","related":["MGASA-2024-0295","SUSE-SU-2024:3210-1","SUSE-SU-2024:3217-1","SUSE-SU-2024:3355-1","SUSE-SU-2024:3516-1","SUSE-SU-2025:20059-1","SUSE-SU-2026:20064-1","openSUSE-SU-2024:14309-1"],"references":[{"type":"FIX","url":"https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/libpcap","events":[{"introduced":"0"},{"fixed":"bbcbc9174df3298a854daee2b3e666a4b6e5383a"},{"fixed":"0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29"},{"fixed":"8a633ee5b9ecd9d38a587ac9b204e2380713b0d6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.10.5"}]}}],"versions":["libpcap-0.6.1","libpcap-0.7.1","libpcap-0.8-bp","libpcap-1.10-bp","libpcap-1.10.0","libpcap-1.10.1","libpcap-1.10.2","libpcap-1.10.3","libpcap-1.10.4","libpcap-1.3-bp","libpcap-1.5.0","libpcap-1.6.0-bp","libpcap-1.7.0-bp","libpcap-1.8.0-bp","libpcap-1.8.1","libpcap-1.9-bp","libpcap-1.9.0-rc1"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","id":"CVE-2024-8006-0005751a","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["274821971895769149813253593460732405121","70328471465415222261765572956330539410","82111364369546980584609979504067613477","162399281317615029895728943167452961801","322647407103076971329823635801275806516","65332767798215932809990559187460397951","127212387521458079471731179793542562902","187208195945300446619593720574754863010"]},"signature_version":"v1","target":{"file":"pcap.c"},"source":"https://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29"},{"signature_type":"Function","id":"CVE-2024-8006-68d7278c","deprecated":false,"digest":{"function_hash":"216326314781857461255022575487116991126","length":4633},"signature_version":"v1","target":{"file":"pcap-new.c","function":"pcap_findalldevs_ex"},"source":"https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6"},{"signature_type":"Line","id":"CVE-2024-8006-9b3e64c6","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["303093119930627033218952398498417915189","70328471465415222261765572956330539410","333776812231799235415887346592035516484","115368977971345468778295755034332015261","322647407103076971329823635801275806516","143405077854950494387909433729170502149","148925866596298467929528575347324020767","146814526677318606341603352652391010899"]},"signature_version":"v1","target":{"file":"pcap-new.c"},"source":"https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8006.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}