{"id":"CVE-2018-14938","details":"An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).","modified":"2026-04-16T06:22:29.613314015Z","published":"2018-08-05T03:29:00.217Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00046.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3955-1/"},{"type":"FIX","url":"https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb"},{"type":"EVIDENCE","url":"https://github.com/simsong/tcpflow/issues/182"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/simsong/tcpflow","events":[{"introduced":"0"},{"last_affected":"7d8133c5772de8ea18184d35a3f69e8dae95ea2f"},{"introduced":"0"},{"last_affected":"cde661545f824869999360a7b5489c010507662c"},{"fixed":"a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.5"},{"introduced":"0"},{"last_affected":"1.5.0-alpha"}]}}],"versions":["push","tcpflow-1.2.5","tcpflow-1.2.7","tcpflow-1.2.9","tcpflow-1.3.0","tcpflow-1.4.0","tcpflow-1.4.1","tcpflow-1.4.2","tcpflow-1.4.3","tcpflow-1.4.5","tcpflow-1.5.0alpha"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14938.json","vanir_signatures":[{"deprecated":false,"target":{"file":"src/wifipcap/wifipcap.cpp"},"source":"https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb","digest":{"line_hashes":["263431917898089951272887722306756947082","16960705493334843210741211398048974095","329830292726982711965374785293791456977","302800325138827059724578790507507565090","87336336488400855913637102334681372717","270457403820026149546639844305609165613","261449765198992541675110649674818872159","331162596895031128530210437412462671802","140461762237614033428383369468125960998","106277531526314253657753793650176805747","192662580726791560291150438083018470649","245028216154237253443083530987415627845","213075352169121008038102790243621575853","223481960602899988842673701328938352184","104625703489278918060615238661938281748","326895023466895463823077623033758943029","108065930782036769996894486271013632229","318394031558307746219120081869191702298","257359142032850477010271814807194523493"],"threshold":0.9},"signature_type":"Line","id":"CVE-2018-14938-1855abe7","signature_version":"v1"},{"deprecated":false,"target":{"file":"src/wifipcap/wifipcap.cpp","function":"WifiPacket::handle_prism"},"source":"https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb","digest":{"length":566,"function_hash":"223260786614342259660237873670618925192"},"signature_type":"Function","id":"CVE-2018-14938-35e18565","signature_version":"v1"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]}],"vanir_signatures_modified":"2026-04-11T12:27:38Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}