[Bug 273171] category/port: tcpdump used in this project is vulnerable
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273171] tcpdump is vulnerable"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 17 Aug 2023 06:04:21 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273171 Bug ID: 273171 Summary: category/port: tcpdump used in this project is vulnerable Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: thresh416@outlook.com Branch stable/13, releng/13.0, releng/13.1, releng/13.2 What is the security issue or vulnerability? As CVE-2020-8037 described, the ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory, which is still used in this project. This can be easily fixed by apply the patch of this CVE ( CVE-2020-8037 ) , as listed in the next section. Security issue or vulnerability information CVE-2020-8037's description:https://nvd.nist.gov/vuln/detail/CVE-2020-8037 CVE-2020-8037's patch commit:the-tcpdump-group/tcpdump@32027e1 -- You are receiving this mail because: You are the assignee for the bug.