nfdump: Multiple vulnerabilities (CVE-2019-14459, CVE-2019-1010057)

CVE-2019-14459: integer overflow in function Process_ipfix_template_withdraw in ipfix.c leads to denial of service

nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).

References:

• https://github.com/phaag/nfdump/issues/171
• https://nvd.nist.gov/vuln/detail/CVE-2019-14459

Patch:

https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b

CVE-2019-1010057: buffer overflow in nfx.c, nffile_inline.c and minilzo.c (3.7-stable only)

A vulnerability was found in nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file.

Reference:

• https://github.com/phaag/nfdump/issues/104
• https://nvd.nist.gov/vuln/detail/CVE-2019-1010057

Patch:

https://github.com/phaag/nfdump/commit/9f0fe9563366f62a71d34c92229da3432ec5cf0e

Affected branches:

• master (c3827654)
• 3.10-stable
• 3.9-stable
• 3.8-stable (c754c0cd)
• 3.7-stable (34eaff89)