An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).
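The failure mode described above, sketched as an added illustration rather than tcpflow's own source: an unsigned length has a fixed header size subtracted from it without a prior bounds check. The function names, the 32-bit unsigned length type, the reading of 144 as a header length, and the two-byte frame-control read are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 144 is the size of a fixed capture header that precedes
 * the 802.11 frame (the figure comes from the description above). */
#define HDR_LEN 144u

/* Unchecked form: the length a caller would hand to the next parser.
 * For caplen < 144 the unsigned subtraction wraps to almost 4 GiB. */
static uint32_t payload_len_unchecked(uint32_t caplen)
{
    return caplen - HDR_LEN;
}

/* Checked form: refuse truncated captures before subtracting. */
static int payload_len_checked(uint32_t caplen, uint32_t *out)
{
    if (caplen < HDR_LEN)
        return -1;              /* capture too short to hold the header */
    *out = caplen - HDR_LEN;
    return 0;
}

/* Hypothetical inner parser: reads a 2-byte little-endian frame-control
 * field, but only after both length checks have passed. */
static int parse_frame(const uint8_t *pkt, uint32_t caplen, uint16_t *fc)
{
    uint32_t len;
    if (payload_len_checked(caplen, &len) != 0 || len < 2)
        return -1;
    const uint8_t *p = pkt + HDR_LEN;
    *fc = (uint16_t)(p[0] | (p[1] << 8));
    return 0;
}

int main(void)
{
    uint8_t pkt[146] = {0};     /* constructed sample: header + 2 bytes */
    uint16_t fc = 0;
    pkt[144] = 0x08;
    pkt[145] = 0x01;

    printf("unchecked(100) = %u\n", (unsigned)payload_len_unchecked(100));
    printf("parse(100)     = %d\n", parse_frame(pkt, 100, &fc));
    printf("parse(146)     = %d, fc = 0x%04x\n",
           parse_frame(pkt, 146, &fc), (unsigned)fc);
    return 0;
}
```

A downstream parser that trusts the wrapped length will accept reads far past the end of the capture buffer, which is the out-of-bounds read the description refers to.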
CVSS v2
Base Score: 6.4
Impact Score: 4.9
Exploitability Score: 10
CVSS v3
Base Score: 9.1
Impact Score: 5.2
Exploitability Score: 3.9
cpe:2.3:a:digitalcorpora:tcpflow:*:*:*:*:*:*:*:* versions up to 1.4.5 (inclusive)
| ID | Name | Product | Family |
|---|---|---|---|
| 143323 | Debian DLA-2468-1 : tcpflow security update | Nessus | Debian Local Security Checks |
| 124322 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : tcpflow vulnerabilities (USN-3955-1) | Nessus | Ubuntu Local Security Checks |
| 120449 | Fedora 28 : tcpflow (2018-5ad77cc979) | Nessus | Fedora Local Security Checks |
| 117299 | Fedora 27 : tcpflow (2018-4f0b7d1251) | Nessus | Fedora Local Security Checks |