Candidate: CVE-2020-8036
PublicDate: 2020-11-04 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8036
Description:
 The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP
 dissector in an unsafe way.
Ubuntu-Description:
Notes:
 sbeattie> introduced in the 4.10 tcpdump devel cycle.
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_tcpdump:
 upstream: https://github.com/the-tcpdump-group/tcpdump/commit/e2256b4f2506102be2c6f7976f84f0d607c53d43
upstream_tcpdump: released (4.99.0-2)
precise/esm_tcpdump: ignored (end of ESM support, was needs-triage)
trusty_tcpdump: ignored (out of standard support)
trusty/esm_tcpdump: not-affected (code not present)
xenial_tcpdump: ignored (end of standard support, was needs-triage)
esm-infra/xenial_tcpdump: not-affected (code not present)
bionic_tcpdump: not-affected (code not present)
focal_tcpdump: not-affected (code not present)
groovy_tcpdump: not-affected (code not present)
hirsute_tcpdump: not-affected (code not present)
impish_tcpdump: not-affected (4.99.0-2)
jammy_tcpdump: not-affected (4.99.0-2)
devel_tcpdump: not-affected (4.99.0-2)