[3.7] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)
A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address_histogram call or a get_histogram call.
(from redmine: issue id 10429, created on 2019-05-08)
- parent #10425
- Revision f9f4e0e8 by Natanael Copa on 2019-07-08T14:27:05Z:
main/tcpflow: backport fix for CVE-2018-18409 and remove unused patch ref #10429