Summary: | <net-analyzer/nfdump-1.6.19: multiple vulnerabilities (CVE-2019-{14459,1010057}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/phaag/nfdump/issues/104 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
=net-analyzer/nfdump-1.6.19
|
Runtime testing required: | --- |
Description
Sam James
2020-03-02 14:17:03 UTC
2) CVE-2019-14459 Description: "nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service)." Bug: https://github.com/phaag/nfdump/issues/171 Patch: https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. New GLSA request filed. This issue was resolved and addressed in GLSA 202003-17 at https://security.gentoo.org/glsa/202003-17 by GLSA coordinator Thomas Deutschmann (whissi). Re-opening for cleanup. Resetting sanity check; keywords are not fully specified and arches are not CC-ed. @maintainer(s), ping, please cleanup |