tcpdump mailing list archives
Re: CVE-2018-19519 ("a stack-based buffer over-read exists in the print_prefix function of print-hncp.c")
From: Denis Ovsienko <denis () ovsienko info>
Date: Thu, 21 Feb 2019 22:52:38 +0000
---- On Wed, 20 Feb 2019 08:46:08 +0000 Thomas De Schampheleire <patrickdepinguin () gmail com> wrote ----
Hello, I would like to inquire about the status of CVE-2018-19519 [1] which was reported end of 2018 but for which no patch seems to be applied in the tcpdump repository. I also see no reference to this issue in the mailing list archives. The issue is described by the reporter Zeng Yingpei at [2] and a proposed solution is mentioned (initializing 'buf'). Are the tcpdump developers aware of this issue? Has a patch been proposed / is someone looking at it?
Both the report and the CVE allocation are duplicate. The reporter decided to jump ahead. The problem will be fixed. -- Denis Ovsienko _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- CVE-2018-19519 ("a stack-based buffer over-read exists in the print_prefix function of print-hncp.c") Thomas De Schampheleire (Feb 20)
- Re: CVE-2018-19519 ("a stack-based buffer over-read exists in the print_prefix function of print-hncp.c") Denis Ovsienko (Feb 21)