Vulnerability CVE-2024-52949: Information

Description

iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
URL: https://nvd.nist.gov/vuln/detail/CVE-2024-52949
Published: Dec. 16, 2024
Modified: Oct. 14, 2025
Error type identifier: CWE-120

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
iptraf-ngsisyphus1.2.2-alt11.2.2-alt1ALT-PU-2024-16101-2363324Fixed
iptraf-ngsisyphus_loongarch641.2.2-alt11.2.2-alt1ALT-PU-2024-16148-1-Fixed
iptraf-ngc10f21.2.2-alt11.2.2-alt1ALT-PU-2025-9601-3390629Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/iptraf-ng/iptraf-ng/releases/tag/v1.2.1
  • Release Notes
https://www.gruppotim.it/it/footer/red-team.html
  • Exploit
  • Third Party Advisory
BDU:2025-00501
      1. cpe:2.3:a:iptraf-ng:iptraf-ng:1.2.1:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top