First Last Prev Next    This bug is not in your last search results.
Bug 1166972 - (CVE-2018-19325) VUL-0: CVE-2018-19325: tcpdump: prone to a heap-based buffer over-read in the EXTRACT_32BITS function due to improper serviceId
(CVE-2018-19325)
VUL-0: CVE-2018-19325: tcpdump: prone to a heap-based buffer over-read in the...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/255169/
CVSSv2:NVD:CVE-2018-19325:5.0:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-03-18 13:00 UTC by Robert Frohl
Modified: 2020-05-25 08:20 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
PoC file from the reporter (114 bytes, application/octet-stream)
2020-03-21 11:26 UTC, Pedro Monreal Gonzalez 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2020-03-18 13:00:13 UTC 
CVE-2018-19325

tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based buffer
over-read in the EXTRACT_32BITS function (extract.h, called from the
rx_cache_find function, print-rx.c) due to improper serviceId sanitization.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19325
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19325.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19325
https://docs.google.com/document/d/1ifs3lREn98UC5XTXt02BGAYNddoGAX1BXQQvOviaYaI/edit
Comment 1 Pedro Monreal Gonzalez 2020-03-21 11:26:27 UTC 
Created attachment 833559 [details]
PoC file from the reporter

It doesn't crash in Factory x86_64.
Comment 2 Pedro Monreal Gonzalez 2020-04-13 16:04:12 UTC 
CVE rejected as duplicated. Please, use CVE-2018-14466 instead.

Fix already submitted in:
   https://bugzilla.suse.com/show_bug.cgi?id=1153098
Comment 4 Alexandros Toptsoglou 2020-05-25 08:20:16 UTC 
Closing as invalid
First Last Prev Next    This bug is not in your last search results.