tcpdump: Fix CVE-2018-16301
authorHauke Mehrtens <hauke@hauke-m.de>
Sat, 12 Feb 2022 22:13:47 +0000 (23:13 +0100)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 12 Feb 2022 22:22:05 +0000 (23:22 +0100)
commit8f5875c4e221453932f217a82f8c3092cacba3e5
treec99555470aaac87b499a2e2c8d54735cc8fe74cb
parent2fd208e2724e330ee9f42acb1c76be8942f968b2
tcpdump: Fix CVE-2018-16301

This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/network/utils/tcpdump/Makefile
package/network/utils/tcpdump/patches/102-CVE-2018-16301.patch [new file with mode: 0644]