tcpdump mailing list archives

Re: CVE-2018-19519 ("a stack-based buffer over-read exists in the print_prefix function of print-hncp.c")


From: Denis Ovsienko <denis () ovsienko info>
Date: Thu, 21 Feb 2019 22:52:38 +0000

 ---- On Wed, 20 Feb 2019 08:46:08 +0000 Thomas De Schampheleire <patrickdepinguin () gmail com> wrote ---- 
> Hello,
>
> I would like to inquire about the status of CVE-2018-19519 [1] which
> was reported end of 2018 but for which no patch seems to be applied in
> the tcpdump repository. I also see no reference to this issue in the
> mailing list archives.
>
> The issue is described by the reporter Zeng Yingpei at [2] and a
> proposed solution is mentioned (initializing 'buf').
>
> Are the tcpdump developers aware of this issue?
> Has a patch been proposed / is someone looking at it?

Both the report and the CVE allocation are duplicate. The reporter decided to jump ahead. The problem will be fixed.

-- 
    Denis Ovsienko

