CVE-2020-8037: user/tcpdump: ppp excessive memory allocation
| Bugzilla ID | 372 |
| Alias(es) | CVE-2020-8037 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:24:31 -0600 |
| Modified | 2020-11-21 22:24:31 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/tcpdump |
Description
CVE-2020-8037: https://nvd.nist.gov/vuln/detail/CVE-2020-8037
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a
large amount of memory.
Unreleased fix
https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231