tcpdump mailing list archives

CVE-2018-19519 ("a stack-based buffer over-read exists in the print_prefix function of print-hncp.c")


From: Thomas De Schampheleire <patrickdepinguin () gmail com>
Date: Wed, 20 Feb 2019 09:46:08 +0100

Hello,

I would like to inquire about the status of CVE-2018-19519 [1], which
was reported at the end of 2018 but for which no patch seems to be
applied in the tcpdump repository. I also see no reference to this
issue in the mailing list archives.

The issue is described by the reporter Zeng Yingpei at [2] and a
proposed solution is mentioned (initializing 'buf').

Are the tcpdump developers aware of this issue?
Has a patch been proposed / is someone looking at it?

Thanks,
Thomas

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-19519
[2] https://github.com/zyingp/temp/blob/master/tcpdump.md
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
