830640 – (CVE-2021-41043) <net-analyzer/tcpslice-1.5: Use after free in tcpslice triggers AddressSanitizer (CVE-2021-41043)

Bug 830640 (CVE-2021-41043) - <net-analyzer/tcpslice-1.5: Use after free in tcpslice triggers AddressSanitizer (CVE-2021-41043)

Summary: <net-analyzer/tcpslice-1.5: Use after free in tcpslice triggers AddressSaniti...

Status:	IN_PROGRESS

Alias:	CVE-2021-41043

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://github.com/the-tcpdump-group/...
Whiteboard:	B4 [glsa? cleanup]
Keywords:	PullRequest

Depends on:	833732
Blocks:
	Show dependency tree

Reported:	2022-01-05 14:35 UTC by filip ambroz
Modified:	2022-02-19 15:08 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/gentoo/gentoo/pull/23670
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description filip ambroz 2022-01-05 14:35:40 UTC

Use after free in tcpslice triggers AddressSanitizer, NO OTHER CONFIRMED IMPACT.

[Tested on]
version 1.5-PRE-GIT
version 1.2a3

[Command]
tcpslice -w a.txt heap.pcap

[Result]
Segmentation fault


Fixed in version 1.5

Comment 1 John Helmert III archtester

2022-01-06 04:21:42 UTC

Thanks for reporting!

Comment 2 Larry the Git Cow gentoo-dev

2022-01-09 07:41:05 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc753cec4a8697606ab5eeb9299097d1ffededd3

commit fc753cec4a8697606ab5eeb9299097d1ffededd3
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-01-06 06:56:31 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-01-09 07:40:26 +0000

    net-analyzer/tcpslice: add 1.5
    
    Bug: https://bugs.gentoo.org/830640
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-analyzer/tcpslice/Manifest            |  2 ++
 net-analyzer/tcpslice/tcpslice-1.5.ebuild | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+)