Lucene search

TcpdumpCVELIST:CVE-2020-8037

HistoryNov 04, 2020 - 5:55 p.m.

CVE-2020-8037 ppp decapsulator can be convinced to allocate a large amount of memory

2020-11-0417:55:21

Tcpdump

www.cve.org

cve-2020-8037

tcpdump 4.9.3

memory allocation

AI Score

7.5

Confidence

High

EPSS

0.006

Percentile

78.8%

JSON

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

CNA Affected

[
  {
    "product": "tcpdump",
    "vendor": "The TCPdump Group",
    "versions": [
      {
        "status": "affected",
        "version": "4.9.3"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2021/Apr/51

github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231

lists.debian.org/debian-lts-announce/2020/11/msg00018.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV/

support.apple.com/kb/HT212325

support.apple.com/kb/HT212326

support.apple.com/kb/HT212327