Wind River Support Network

HomeDefectsLIN1018-4560
Fixed

LIN1018-4560 : Security Advisory - tcpdump - CVE-2019-1010220

Created: Jul 28, 2019    Updated: Mar 13, 2020
Resolved Date: Mar 12, 2020
Found In Version: 10.18.44.1
Fix Version: 10.18.44.11
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.

CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2019-1010220 User=admin}

CVEs


Live chat
Online