tcpdump.org Information for VU#797201
tcpdump vulnerable to buffer overflow via improper decoding of AFS RPC (Rx) packets
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 12 Jun 2002
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Per tcpdump.org CVS annotations [http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-rx.c]: "Don't allow STROUT() to use a negative string length." See also [http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-rx.c?r1=1.22&r2=1.23].
If you have feedback, comments, or additional information about this vulnerability, please send us email.