CVE-2020-8037

EPSS 0.22%
Published 04.11.2020 18:15:20
Last modified 21.11.2024 05:38:16
Source security@tcpdump.org
Teams watchlist Login
Open Login

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Tcpdump ≫ Tcpdump Version4.9.3

Debian ≫ Debian Linux Version9.0

Fedoraproject ≫ Fedora Version32

Fedoraproject ≫ Fedora Version33

Apple ≫ macOS X Version < 10.14.6

Apple ≫ macOS X Version >= 10.15 < 10.15.7

Apple ≫ macOS X Version10.14.6 Update-

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-001

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-002

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-002

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-003

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-004

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-005

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-006

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-007

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Update-

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Updatesupplemental_update

Apple ≫ macOS Version >= 11.0 < 11.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.445

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

http://seclists.org/fulldisclosure/2021/Apr/51

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT212326

Third Party Advisory

https://support.apple.com/kb/HT212327

Third Party Advisory

https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV/

https://support.apple.com/kb/HT212325

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8037

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8037

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8037

EUVD