Bug 717808 (CVE-2019-8981) - <net-libs/axtls-2.1.5: Buffer overflow possibly allowing RCE (CVE-2019-8981)
Summary: <net-libs/axtls-2.1.5: Buffer overflow possibly allowing RCE (CVE-2019-8981)
Status: RESOLVED FIXED
Alias: CVE-2019-8981
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Duplicates: 717810
Depends on:
Blocks:
 
Reported: 2020-04-17 06:02 UTC by GLSAMaker/CVETool Bot
Modified: 2020-05-04 01:37 UTC

See Also:
Package list:
net-libs/axtls-2.1.5
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-17 06:02:01 UTC
CVE-2019-8981 (https://nvd.nist.gov/vuln/detail/CVE-2019-8981):
  tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via
  a crafted sequence of TLS packets because the need_bytes value is
  mismanaged.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-17 06:03:36 UTC
*** Bug 717810 has been marked as a duplicate of this bug. ***
Comment 2 Anthony Basile gentoo-dev 2020-04-17 15:47:00 UTC
We need to stabilize 2.1.5.

KEYWORDS="amd64 arm ppc ppc64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2020-04-18 09:19:14 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-04-19 12:14:45 UTC
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-04-19 12:16:45 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-04-20 09:48:39 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-04-20 09:50:55 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 8 NATTkA bot gentoo-dev 2020-04-20 09:52:56 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 9 Anthony Basile gentoo-dev 2020-04-24 00:53:11 UTC
(In reply to Agostino Sarubbo from comment #7)
> ppc64 stable.
> 
> Maintainer(s), please cleanup.
> Security, please add it to the existing request, or file a new one.

cleanup done
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-24 01:00:26 UTC
Thanks!
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2020-05-04 01:37:16 UTC
DoS. No PoC for ACE/RCE.