pkgsrc-Bugs archive
pkg/57586: tcpdump used in this NetBSD is vulnerable
>Number: 57586
>Category: pkg
>Synopsis: tcpdump used in this NetBSD is vulnerable
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Aug 16 12:05:00 +0000 2023
>Originator: ChenHao Lu
>Release: trunk
>Organization:
Fudan University
>Environment:
>Description:
As CVE-2020-8037 describes, the ppp decapsulator in tcpdump 4.9.3, which is still used in this project, can be convinced to allocate a large amount of memory.
This can be easily fixed by applying the patch for this CVE (CVE-2020-8037).
CVE-2020-8037's description: https://nvd.nist.gov/vuln/detail/CVE-2020-8037
CVE-2020-8037's patch commit: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
>How-To-Repeat:
>Fix: