tcpdump: ppp decapsulator can be convinced to allocate a large amount of memory (CVE-2020-8037)

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

References:

• https://nvd.nist.gov/vuln/detail/CVE-2020-8037
• https://security-tracker.debian.org/tracker/CVE-2020-8037

Patch:

https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231

Affected branches:

• master
• 3.12-stable
• 3.11-stable
• 3.10-stable
• 3.9-stable