[3.9] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)
A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address_histogram call or a get_histogram call.
(from redmine: issue id 10427, created on 2019-05-08)
- parent #10425
- Revision 22a1991b by Natanael Copa on 2019-07-08T14:21:13Z:
main/tcpflow: backport fix for CVE-2018-18409 and remove unused patch ref #10427