Bugzilla – Bug 1166972
VUL-0: CVE-2018-19325: tcpdump: prone to a heap-based buffer over-read in the EXTRACT_32BITS function due to improper serviceId
Last modified: 2020-05-25 08:20:16 UTC
tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based buffer
over-read in the EXTRACT_32BITS function (extract.h, called from the
rx_cache_find function, print-rx.c) due to improper serviceId sanitization.
Created attachment 833559 [details]
PoC file from the reporter
It doesn't crash in Factory x86_64.
CVE rejected as duplicated. Please, use CVE-2018-14466 instead.
Fix already submitted in:
Closing as invalid