PT-2019-11452 · Nfdump+1 · Nfdump+1

E3Promo

Publicado

2018-06-22

Atualizado

2022-05-03

CVE-2019-1010057

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: nfdump versions 1.6.16 and earlier

Description: The issue is related to a buffer overflow, which could result in a denial of service or local code execution. The components nfx.c:546, nffile inline.c:83, and minilzo.c are affected. The attack vector involves nfdump reading and processing a specially crafted file.

Recommendations: For versions 1.6.16 and earlier, update to a version after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e to resolve the issue. As a temporary workaround, consider restricting access to specially crafted files that could trigger the buffer overflow.

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2018-1923

CVE-2019-1010057

DLA-2383-1

Produtos afetados

Alt Linux

Nfdump

PT-2019-11452 · Nfdump+1 · Nfdump+1

CVE-2019-1010057

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16