projects / openwrt / openwrt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 606106f) | patch
tcpdump: Fix CVE-2018-16301
authorHauke Mehrtens <hauke@hauke-m.de>
Sat, 12 Feb 2022 22:13:47 +0000 (23:13 +0100)
committerPetr Štetiar <ynezz@true.cz>
Sun, 13 Feb 2022 07:55:02 +0000 (08:55 +0100)
commite92a4e5458ff35083ea7263c68316b47243a1222
tree73c7ece30e58cc4d85739e6a2f33aa71b33f4c88tree | snapshot
parent606106fb295e2770af4df7c04fc9fcc95428a0f4commit | diff
tcpdump: Fix CVE-2018-16301

This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8f5875c4e221453932f217a82f8c3092cacba3e5)
(cherry picked from commit 59e7ae8d65ab9a9315608a69565f6a4247d3b1ac)
package/network/utils/tcpdump/Makefile diff | blob | history
package/network/utils/tcpdump/patches/102-CVE-2018-16301.patch [new file with mode: 0644] blob
OpenWrt Source Repository