tcpdump mailing list archives
CVE-2018-19519 ("a stack-based buffer over-read exists in the print_prefix function of print-hncp.c")
From: Thomas De Schampheleire <patrickdepinguin () gmail com>
Date: Wed, 20 Feb 2019 09:46:08 +0100
Hello, I would like to inquire about the status of CVE-2018-19519 [1] which was reported end of 2018 but for which no patch seems to be applied in the tcpdump repository. I also see no reference to this issue in the mailing list archives. The issue is described by the reporter Zeng Yingpei at [2] and a proposed solution is mentioned (initializing 'buf'). Are the tcpdump developers aware of this issue? Has a patch been proposed / is someone looking at it? Thanks, Thomas [1] https://nvd.nist.gov/vuln/detail/CVE-2018-19519 [2] https://github.com/zyingp/temp/blob/master/tcpdump.md _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- CVE-2018-19519 ("a stack-based buffer over-read exists in the print_prefix function of print-hncp.c") Thomas De Schampheleire (Feb 20)