Source: tcpflow Version: 1.4.4+repack1-1 Severity: important Tags: patch security upstream Forwarded: https://github.com/simsong/tcpflow/issues/182
Hi, The following vulnerability was published for tcpflow. CVE-2018-14938[0]: | An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through | 1.5.0-alpha. There is an integer overflow in the function handle_prism | during caplen processing. If the caplen is less than 144, one can cause | an integer overflow in the function handle_80211, which will result in | an out-of-bounds read and may allow access to sensitive memory (or a | denial of service). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-14938 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14938 [1] https://github.com/simsong/tcpflow/issues/182 [2] https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb Regards, Salvatore
