Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 887237 (CVE-2020-36619) - <net-analyzer/multimon-ng-1.2.0: format string vulnerability
Summary: <net-analyzer/multimon-ng-1.2.0: format string vulnerability
Alias: CVE-2020-36619
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa?]
Depends on:
Reported: 2022-12-19 16:37 UTC by John Helmert III
Modified: 2023-09-17 17:59 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-19 16:37:31 UTC
CVE-2020-36619 (

A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.

Please bump to 1.2.0.
Comment 1 Rick Farina (Zero_Chaos) gentoo-dev 2023-08-20 14:34:22 UTC
I moved 1.1.9 to 1.2.0 in 38e6368e44999485d39b620201086ac440354754

I apologize, I didn't notice this bug before I did it, so the bug isn't mentioned in the commit.