CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18409
https://notcve.org/view.php?id=CVE-2018-18409
17 Oct 2018 — A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. Existe una sobrelectura de búfer basada en pila en setbit() en iptree.h en TCPFLOW 1.5.0, debido a los valores incorrectos recibidos que provocan un cálculo incorrecto, lo que conduce a una denegación de servicio (DoS) durante una llamada address_histogram o get_histogram. • https://github.com/simsong/tcpflow/issues/195 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1CVE-2018-14938 – Ubuntu Security Notice USN-3955-1
https://notcve.org/view.php?id=CVE-2018-14938
05 Aug 2018 — An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service). Se ha descubierto un problema en wifipcap/wifipcap.cpp en TCPFLOW hasta la versión 1.5.0-alpha. Hay un desbordamiento de enteros en la funció... • https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •