CVE-2020-8037

Name: CVE-2020-8037
Description: The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
NVD Severity: medium

References

Type | URI
Patch | https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
Mailing List | https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html
Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV/
Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z/
Third Party Advisory | https://support.apple.com/kb/HT212327
Third Party Advisory | https://support.apple.com/kb/HT212326
Third Party Advisory | https://support.apple.com/kb/HT212325
FULLDISC | http://seclists.org/fulldisclosure/2021/Apr/51

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:tcpdump:tcpdump:4.9.3:*:*:*:*:*:*:* | tcpdump | == None | == 4.9.3

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
tcpdump | 3.11-main | 4.9.3-r1 | Natanael Copa <ncopa@alpinelinux.org> | fixed
tcpdump | 3.10-main | 4.9.3-r1 | Natanael Copa <ncopa@alpinelinux.org> | fixed
tcpdump | 3.12-main | 4.9.3-r2 | Natanael Copa <ncopa@alpinelinux.org> | fixed