tcpdump: ppp decapsulator can be convinced to allocate a large amount of memory (CVE-2020-8037)
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8037
- https://security-tracker.debian.org/tracker/CVE-2020-8037
Patch:
https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
Affected branches:
- master
- 3.12-stable
- 3.11-stable
- 3.10-stable
- 3.9-stable
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information