Closed
Opened May 08, 2019 by Alicha CH (@alicha, Reporter)

[3.7] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)

A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address_histogram call or a get_histogram call.

References:

https://github.com/simsong/tcpflow/issues/195
https://nvd.nist.gov/vuln/detail/CVE-2018-18409

Patch:

https://github.com/simsong/tcpflow/commit/89c04b4fb0e46b3c4f1388686e83966e531cbea9

(from redmine: issue id 10429, created on 2019-05-08)

  • Relations:
    • parent #10425
  • Changesets:
    • Revision f9f4e0e8 by Natanael Copa on 2019-07-08T14:27:05Z:
      main/tcpflow: backport fix for CVE-2018-18409

      and remove unused patch

      ref #10429
Milestone: 3.7.4
Reference: alpine/aports#10429