Re: [the-tcpdump-group/libpcap] CVE-2018-16301 information (#855)

[Michael Richardson <mcr () sandelman ca>]

carnil <notifications () github com> wrote:
    > Information on CVE-2018-16301 seem to indicate that it first was
    > thought to be an issue in tcpdump, but then it's clearly stated that it
    > is fixed in libpcap.

    > The CVE description submitted to MITRE is as well inline with that:

(okay, but don't use that as authoritative, since I am the one that wrote that)

    >> libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer
    >> overflow and/or over-read because of errors in pcapng reading.

    > We have marked it now as such in Debian's records, but if
    > CVE-2018-16301 is a duplicate of CVE-2019-15161 then preferably
    > upstream would need to ask MITRE to reject CVE-2018-16301.

MITRE has a very poor record and very high latency for responding.
I'm happy to get our records cleared up; I will be adding a "duplicates"
column to my CSV file.  I'm just still in a bit of PTSD from having worked on
this stuff for too long :-(

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [ 
        
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers