Date: Thu, 17 Aug 2023 06:04:21 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 273171] category/port: tcpdump used in this project is vulnerable Message-ID: <bug-273171-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D273171 Bug ID: 273171 Summary: category/port: tcpdump used in this project is vulnerable Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: thresh416@outlook.com Branch stable/13, releng/13.0, releng/13.1, releng/13.2 What is the security issue or vulnerability? As CVE-2020-8037 described, the ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory, which is still used in this project. This can be easily fixed by apply the patch of this CVE ( CVE-2020-8037 ) ,= as listed in the next section. Security issue or vulnerability information CVE-2020-8037's description:https://nvd.nist.gov/vuln/detail/CVE-2020-8037 CVE-2020-8037's patch commit:the-tcpdump-group/tcpdump@32027e1 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-273171-7788>