A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call.
References
Link | Resource |
---|---|
https://github.com/simsong/tcpflow/issues/195 | Exploit Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6MP4YMCJX4ITOBFX427UMOA6E7ZLJDE/ | Mailing List Release Notes Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN5FW6HKPDP7PI2IVNMFSQVIDSCQ5BOR/ | Mailing List Release Notes Third Party Advisory |
https://usn.ubuntu.com/3955-1/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2018-10-16 21:29
Updated : 2019-05-13 08:46
NVD link : CVE-2018-18409
Mitre link : CVE-2018-18409
JSON object : View
CWE
CWE-125
Out-of-bounds Read
Products Affected
canonical
- ubuntu_linux
fedoraproject
- fedora
digitalcorpora
- tcpflow