Summary: | <net-analyzer/tcpdump-4.9.3: stack-based buffer overread in the print_prefix function of print-hncp.c (CVE-2018-19519) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/zyingp/temp/blob/master/tcpdump.md | ||
See Also: | https://github.com/the-tcpdump-group/tcpdump/issues/763 | ||
Whiteboard: | C3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
D'juan McDonald (domhnall)
2019-03-03 00:36:50 UTC
Hello D'juan, thanks for the report. Unless it is stated that there is an RCE, since it is a read overflow, I'd set the rating to 3. Thanks

Upstream patch: https://github.com/the-tcpdump-group/tcpdump/commit/511915bef7e4de2f31b8d9f581b4a44b0cfbcf53

"If decode_prefix6() returns a negative number, don't print buf. If it returns a negative number, it hasn't necessarily filled in buf, so just return immediately; this is similar to the IPv4 code path, wherein we just return a negative number, and print nothing, on an error. This should fix GitHub issue #763."

Note that tree is now clean.
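The rule stated in the quoted commit message, shown as an added C example that is not tcpdump's code and not part of this bug report. The decoder `toy_decode_prefix()`, the caller `print_prefix_checked()`, the simplified hex output format and the sample bytes are all assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical decoder, NOT tcpdump's decode_prefix6(). Input: one
 * prefix-length byte, then ceil(plen/8) address bytes. Returns bytes
 * consumed, or a negative value on error, in which case buf is untouched. */
static int toy_decode_prefix(const unsigned char *p, size_t len,
                             char *buf, size_t buflen)
{
    if (len < 1 || buflen < 40) return -2;   /* truncated, or buf too small */
    unsigned plen = p[0];
    if (plen > 128) return -1;               /* invalid prefix length */
    size_t nbytes = (plen + 7) / 8, off = 0;
    if (len - 1 < nbytes) return -2;         /* truncated address bytes */
    for (size_t i = 0; i < nbytes; i++)      /* at most 32 hex characters */
        off += (size_t)snprintf(buf + off, buflen - off, "%02x", p[1 + i]);
    snprintf(buf + off, buflen - off, "/%u", plen);
    return (int)(1 + nbytes);
}

/* Caller following the rule in the commit message: a negative return means
 * buf may never have been written, so emit nothing and pass the error up.
 * The flawed shape is the same function without the "consumed < 0" check,
 * which would format whatever bytes the uninitialised stack array holds. */
static int print_prefix_checked(const unsigned char *p, size_t len,
                                char *out, size_t outlen)
{
    char buf[64];                            /* deliberately not initialised */
    int consumed = toy_decode_prefix(p, len, buf, sizeof buf);
    if (outlen > 0) out[0] = '\0';
    if (consumed < 0)
        return consumed;                     /* never touch buf on error */
    snprintf(out, outlen, "%s", buf);
    return consumed;
}

int main(void)
{
    /* Constructed inputs: valid /16, invalid length 200, truncated /64. */
    const unsigned char ok[] = { 16, 0x20, 0x01 };
    const unsigned char bad_len[] = { 200, 0x20, 0x01 };
    const unsigned char cut[] = { 64, 0x20, 0x01 };
    char out[64];
    printf("%d '%s'\n", print_prefix_checked(ok, sizeof ok, out, sizeof out), out);
    printf("%d '%s'\n", print_prefix_checked(bad_len, sizeof bad_len, out, sizeof out), out);
    printf("%d '%s'\n", print_prefix_checked(cut, sizeof cut, out, sizeof out), out);
    return 0;
}
```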