Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] tcpdump used in this project is vulnerable #582

Open
the-Chain-Warden-thresh opened this issue Oct 30, 2023 · 0 comments
Open

[Security] tcpdump used in this project is vulnerable #582

the-Chain-Warden-thresh opened this issue Oct 30, 2023 · 0 comments

Comments

@the-Chain-Warden-thresh
Copy link

Version

latest

What is the security issue or vulnerability?

As CVE-2020-8037 described, the ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory, which is still used in this project.
This can be easily fixed by apply the patch of this CVE ( CVE-2020-8037 ) , as listed in the next section.

Security issue or vulnerability information

CVE-2020-8037's description:https://nvd.nist.gov/vuln/detail/CVE-2020-8037
CVE-2020-8037's patch commit:the-tcpdump-group/tcpdump@32027e1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@the-Chain-Warden-thresh