[3.8] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)
A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address_histogram call or a get_histogram call.
(from redmine: issue id 10428, created on 2019-05-08)
- parent #10425
- Revision 5d1740c1 by Natanael Copa on 2019-07-08T14:24:41Z:
main/tcpflow: backport fix for CVE-2018-18409 and remove unused patch ref #10428