[3.10] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)
A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address_histogram call or a
get_histogram call.
References:
https://github.com/simsong/tcpflow/issues/195
https://nvd.nist.gov/vuln/detail/CVE-2018-18409
Patch:
https://github.com/simsong/tcpflow/commit/89c04b4fb0e46b3c4f1388686e83966e531cbea9
(from redmine: issue id 10426, created on 2019-05-08)
- Relations:
- parent #10425
- Changesets:
- Revision 4018db3c by Natanael Copa on 2019-07-08T14:18:59Z:
main/tcpflow: backport fix for CVE-2018-18409
and remove unused patch
ref #10426