tcpdump mailing list archives

Re: CVE-2020-8037: memory allocation in ppp decapsulator


From: Michael Richardson via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Mon, 30 Nov 2020 12:59:35 -0500

--- Begin Message ---
From: Michael Richardson <mcr () sandelman ca>
Date: Mon, 30 Nov 2020 12:59:35 -0500

Hi, CVE-2020-8037 causes a big amount of memory to be allocated (then freed),
it does not cause an attack.

I'm sorry that I haven't managed to succeed in doing the right CVE.json dance
to get the mitre data updated.

Bill Fenner via tcpdump-workers <tcpdump-workers () lists tcpdump org> wrote:
    > I realize that http://www.tcpdump.org/security.html says there is no
    > commitment from the tcpdump group to release security fixes on any
    > timeframe whatsoever.  However, is there a way for someone who ships
    > tcpdump with their product to be made aware of unreleased security
    > fixes, or should we rely on Red Hat and others for that?

I can strive to do better.
I think that you are on the security@ list, and I think that this did go
through that list at the time.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [


--- End Message ---