887237 – (CVE-2020-36619) <net-analyzer/multimon-ng-1.2.0: format string vulnerability

Bug 887237 (CVE-2020-36619) - <net-analyzer/multimon-ng-1.2.0: format string vulnerability

Summary: <net-analyzer/multimon-ng-1.2.0: format string vulnerability

Status:	CONFIRMED

Alias:	CVE-2020-36619

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa?]
Keywords:

Depends on:
Blocks:

Reported:	2022-12-19 16:37 UTC by John Helmert III
Modified:	2023-09-17 17:59 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-12-19 16:37:31 UTC

CVE-2020-36619 (https://github.com/EliasOenal/multimon-ng/pull/160):
https://github.com/EliasOenal/multimon-ng/releases/tag/1.2.0
https://github.com/EliasOenal/multimon-ng/commit/e5a51c508ef952e81a6da25b43034dd1ed023c07
https://vuldb.com/?id.216269

A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.

Please bump to 1.2.0.

Comment 1 Rick Farina (Zero_Chaos) gentoo-dev

2023-08-20 14:34:22 UTC

I moved 1.1.9 to 1.2.0 in 38e6368e44999485d39b620201086ac440354754

I apologize, I didn't notice this bug before I did it, so the bug isn't mentioned in the commit.