PT-2019-11452 · Nfdump+1 · Nfdump+1

E3Promo

Published

2018-06-22

Updated

2022-05-03

CVE-2019-1010057

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: nfdump versions 1.6.16 and earlier

Description: The issue is related to a buffer overflow, which could result in a denial of service or local code execution. The components nfx.c:546, nffile inline.c:83, and minilzo.c are affected. The attack vector involves nfdump reading and processing a specially crafted file.

Recommendations: For versions 1.6.16 and earlier, update to a version after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e to resolve the issue. As a temporary workaround, consider restricting access to specially crafted files that could trigger the buffer overflow.

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2018-1923

CVE-2019-1010057

DLA-2383-1

Affected Products

Alt Linux

Nfdump

PT-2019-11452 · Nfdump+1 · Nfdump+1

CVE-2019-1010057

Weakness Enumeration

Related Identifiers

Affected Products

References · 16