The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libnids | Libnids_project | * | 1.24 (excluding) |
| Libnids | Ubuntu | artful | * |
| Libnids | Ubuntu | dapper | * |
| Libnids | Ubuntu | hardy | * |
| Libnids | Ubuntu | intrepid | * |
| Libnids | Ubuntu | jaunty | * |
| Libnids | Ubuntu | karmic | * |
| Libnids | Ubuntu | lucid | * |
| Libnids | Ubuntu | maverick | * |
| Libnids | Ubuntu | natty | * |
| Libnids | Ubuntu | oneiric | * |
| Libnids | Ubuntu | precise | * |
| Libnids | Ubuntu | quantal | * |
| Libnids | Ubuntu | raring | * |
| Libnids | Ubuntu | saucy | * |
| Libnids | Ubuntu | upstream | * |
| Libnids | Ubuntu | utopic | * |
| Libnids | Ubuntu | vivid | * |
| Libnids | Ubuntu | wily | * |
| Libnids | Ubuntu | yakkety | * |
| Libnids | Ubuntu | zesty | * |