tcpdump mailing list archives
Re: tcpdump <= 3.9.6 BGP dissector integer overflow
From: Guy Harris <guy () alum mit edu>
Date: Sat, 14 Jul 2007 15:35:44 -0700
Peter Volkov wrote:
We received a report on a security issue in tcpdump: http://bugs.gentoo.org/184815 Could anybody review the fix, comment, and apply it in CVS? Thanks.
I reviewed the fix - it seemed a bit cleaner to have it continue processing the TLVs, without adding to the string, if the string buffer is full.
I've checked in a fix that does that.
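
A sketch of the approach described in the message above (keep walking the TLVs, but stop adding to the string once the buffer is full), as an added example that is not the tcpdump fix itself. The TLV layout, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>

/* Constructed sample: three TLVs (1-byte type, 2-byte big-endian length, value). */
static const unsigned char sample[] = { 1,0,2,0xaa,0xbb, 2,0,0, 3,0,1,0xcc };

/* Append at buf[*used]. vsnprintf returns the length the output WOULD have
 * had, so clamp it: *used stays <= buflen - 1 and buflen - *used cannot wrap. */
static void append_bounded(char *buf, size_t buflen, size_t *used,
                           const char *fmt, ...)
{
    va_list ap;
    int n;
    if (buflen == 0 || *used >= buflen - 1)
        return;                      /* buffer full: add nothing */
    va_start(ap, fmt);
    n = vsnprintf(buf + *used, buflen - *used, fmt, ap);
    va_end(ap);
    if (n >= 0)                      /* on output error keep what we have */
        *used = ((size_t)n >= buflen - *used) ? buflen - 1 : *used + (size_t)n;
}

/* Parse every TLV even after the text buffer fills up. Returns the number
 * of TLVs parsed, or -1 if a length field runs past the end of the input. */
static int summarize_tlvs(const unsigned char *p, size_t len, char *buf, size_t buflen)
{
    size_t used = 0;
    int count = 0;
    if (buflen > 0)
        buf[0] = '\0';
    while (len >= 3) {
        size_t tlen = ((size_t)p[1] << 8) | p[2];
        if (tlen > len - 3)
            return -1;               /* declared length exceeds remaining data */
        append_bounded(buf, buflen, &used, "%sT%u/L%u",
                       count ? ", " : "", (unsigned)p[0], (unsigned)tlen);
        p += 3 + tlen;
        len -= 3 + tlen;
        count++;
    }
    return count;
}

int main(void)
{
    char text[8];   /* too small to describe all three TLVs */
    int n = summarize_tlvs(sample, sizeof sample, text, sizeof text);
    printf("%d TLVs parsed, text \"%s\"\n", n, text);
    return 0;
}
```

With the 8-byte buffer the text is cut off after the first entry, yet all three TLVs are still parsed and counted.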