CVE-2018-18409
Description
A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.323
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-1ubuntu0.1_i386.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-1ubuntu0.1_amd64.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-4ubuntu0.18.04.1_i386.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-4ubuntu0.18.04.1_amd64.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-4ubuntu0.18.10.1_i386.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-4ubuntu0.18.10.1_amd64.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-1ubuntu0.1_i386.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-1ubuntu0.1_amd64.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-4ubuntu0.18.04.1_i386.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-4ubuntu0.18.04.1_amd64.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-4ubuntu0.18.10.1_i386.deb | Linux |
| TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-4ubuntu0.18.10.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234