CVE-2018-16230 – tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c
https://notcve.org/view.php?id=CVE-2018-16230
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). El analizador BGP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVE-2018-16451 – tcpdump: Buffer over-read in print_trans() function in print-smb.c
https://notcve.org/view.php?id=CVE-2018-16451
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. El analizador SMB en tcpdump versiones anteriores a 4.9.3, presenta lecturas excesivas del búfer en print-smb.c:print_trans() para \MAILSLOT\BROWSE y \PIPE\LANMAN. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVE-2019-15166 – lmp_print in tcpdump lacks certain boundary checks
https://notcve.org/view.php?id=CVE-2019-15166
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. La función lmp_print_data_link_subobjs() en el archivo print-lmp.c en tcpdump versiones anteriores a 4.9.3, carece de ciertas comprobaciones de límites. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-11042 – heap-buffer-overflow on exif_process_user_comment in EXIF extension
https://notcve.org/view.php?id=CVE-2019-11042
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Cuando la extensión EXIF de PHP está analizando información EXIF de una imagen, p.ej. por medio de la función exif_read_data(), en PHP versiones 7.1.x anteriores a 7.1.31, versiones 7.2.x anteriores a 7.2.21 y versiones 7.3.x anteriores a 7.3.8, es posible suministrarle datos que harán que se lea más allá del búfer asignado . Esto puede conllevar a la divulgación de información o bloqueo. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html http://seclists.org/fulldisclosure/2019/Oct/15 http://seclists.org/fulldisclosure/2019/Oct/55 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=78256 https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html https://seclists.org/bugtraq/2019/Oct/9 https://seclists.org/bugtraq/2019/Sep/35 https://seclists.org/bugtraq/2019/Sep/38 https://security.netapp • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVE-2019-11041 – heap-buffer-overflow on exif_scan_thumbnail in EXIF extension
https://notcve.org/view.php?id=CVE-2019-11041
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Cuando la extensión EXIF de PHP está analizando información EXIF de una imagen, p.ej. por medio de la función exif_read_data(), en PHP versiones 7.1.x anteriores a 7.1.31, versiones 7.2.x anteriores a 7.2.21 y versiones 7.3.x anteriores a 7.3.8, es posible suministrarle datos que causará que se lea más allá del búfer asignado. Esto puede conllevar a la divulgación de información o bloqueo. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html http://seclists.org/fulldisclosure/2019/Oct/15 http://seclists.org/fulldisclosure/2019/Oct/55 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=78222 https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html https://seclists.org/bugtraq/2019/Oct/9 https://seclists.org/bugtraq/2019/Sep/35 https://seclists.org/bugtraq/2019/Sep/38 https://security.netapp • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •