Bug 1817479 - tcpdump: heap-based buffer over-read in the EXTRACT_32BITS function due to improper serviceId sanitization
Summary: tcpdump: heap-based buffer over-read in the EXTRACT_32BITS function due to im...
Keywords:
Status: CLOSED DUPLICATE of bug 1760509
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1817480
TreeView+ depends on / blocked
 
Reported: 2020-03-26 12:16 UTC by Marian Rehak
Modified: 2021-02-16 20:23 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2020-03-27 17:25:44 UTC
Embargoed:

Attachments (Terms of Use)

Description Marian Rehak 2020-03-26 12:16:12 UTC 
tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based buffer over-read in the EXTRACT_32BITS function (extract.h, called from the rx_cache_find function, print-rx.c) due to improper serviceId sanitization.
Comment 1 Stefan Cornelius 2020-03-27 17:19:49 UTC 
Patch:
https://github.com/the-tcpdump-group/tcpdump/commit/4154778a262b4a7449141535a99da4d13b4c8b2e
Comment 2 Stefan Cornelius 2020-03-27 17:25:44 UTC 

*** This bug has been marked as a duplicate of bug 1760509 ***
Comment 3 Stefan Cornelius 2020-03-27 17:27:01 UTC 
Statement:

This is a duplicate of CVE-2018-14466
Comment 4 Salvatore Bonaccorso 2020-03-28 07:37:10 UTC 
Hi Stefan, Marian,

Can you ask for REJECT of CVE-2018-19325 at MITRE level?

Regards,
Salvatore
Comment 5 Marian Rehak 2020-03-30 07:41:02 UTC 
Hello Salvatore,

I have requested the rejection, thank you for letting me know!

Marian
Comment 6 Salvatore Bonaccorso 2020-03-30 15:23:37 UTC 
Hi Marian!

Thank you, this has happened now it looks.

Could you then as well remove any CVE reference (and alias) here from bugzilla?

Regards and thank you!
Salvatore
Comment 7 Marian Rehak 2020-03-31 07:26:23 UTC 
Hello again Salvatore,

I see this took effect already, removed CVE entries.

Thank you as well!
Marian
Note You need to log in before you can comment on or make changes to this bug.