How severe is CVE-2023-7256?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2023-7256?

This is classified as CWE-415, which is a common weakness in software security.

CVE-2023-7256 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.

Related Vulnerabilities

CVE-2024-26846

MEDIUM

CVSS:4.4(Medium)

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left ...

CWE-4152024

CVE-2024-42123

MEDIUM

CVSS:4.4(Medium)

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix double free err_addr pointer warnings In amdgpu_umc_bad_page_polling_timeout, the amdgpu_umc_handle_bad_pages will b...

CWE-4152024

CVE-2019-15212

MEDIUM

CVSS:4.6(Medium)

An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.

CWE-4152019

CVE-2023-26545

MEDIUM

CVSS:4.7(Medium)

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

CWE-4152023

CVE-2024-26652

MEDIUM

CVSS:4.1(Medium)

In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_de...

CWE-4152024

CVE-2021-25477

MEDIUM

CVSS:4.9(Medium)

An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.

CWE-4152021