Hi, there
we have detected that your project may be vulnerable to ILoop with
Unreachable Exit Condition ('Infinite Loop') in the function of ` ppp_hdlc
` in the file of ` contrib/tcpdump/print-ppp.c ` . It shares similarities
to a recent CVE disclosure [CVE-2024-2397](
https://nvd.nist.gov/vuln/detail/CVE-2024-2397) in the
https://github.com/the-tcpdump-group/tcpdump
**The source vulnerability information is as follows:**
> Vulnerability Detail:
> CVE Identifier: CVE-2024-2397
> Description: Due to a bug in packet data buffers management, the PPP
printer in tcpdump can enter an infinite loop when reading a crafted
DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump
release, but it affected the git master branch from 2023-06-05 to
2024-03-21.
> Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-2397
> Patch:
https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2
Would you help to check if this bug is true? If it's true, I'd like to open
a PR for that if necessary. Thank you for your effort and patience!
Best regards,
James
