[3.10] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)
A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address_histogram call or a get_histogram call.
(from redmine: issue id 10426, created on 2019-05-08)
- parent #10425
- Revision 4018db3c by Natanael Copa on 2019-07-08T14:18:59Z:
main/tcpflow: backport fix for CVE-2018-18409 and remove unused patch ref #10426