Nfdump · Nfdump · CVE-2019-1010057
Name of the Vulnerable Software and Affected Versions:
nfdump versions 1.6.16 and earlier
Description:
The issue is a buffer overflow, which could result in a denial of service or local code execution. The components `nfx.c:546`, `nffile_inline.c:83`, and `minilzo.c` are affected. The attack vector requires `nfdump` to read and process a specially crafted file.
Recommendations:
For versions 1.6.16 and earlier, update to a version after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e to resolve the issue. As a temporary workaround, restrict `nfdump` to processing files from trusted sources, since a specially crafted file is what triggers the buffer overflow.