PublicDateAtUSN: 2020-11-04 18:15:00 UTC
Candidate: CVE-2020-8037
PublicDate: 2020-11-04 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8037
 https://ubuntu.com/security/notices/USN-5331-1
 https://ubuntu.com/security/notices/USN-5331-2
Description:
 The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to: litios
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_tcpdump:
 upstream: https://github.com/the-tcpdump-group/tcpdump/commit/e4add0b010ed6f2180dcb05a13026242ed935334 (master)
 upstream: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231 (4.9)
upstream_tcpdump: released (4.99.0-2, 4.9.3-7)
precise/esm_tcpdump: ignored (end of ESM support, was needs-triage)
trusty_tcpdump: ignored (out of standard support)
trusty/esm_tcpdump: needed
xenial_tcpdump: ignored (end of standard support, was needs-triage)
esm-infra/xenial_tcpdump: released (4.9.3-0ubuntu0.16.04.1+esm1)
bionic_tcpdump: released (4.9.3-0ubuntu0.18.04.2)
focal_tcpdump: released (4.9.3-4ubuntu0.1)
groovy_tcpdump: ignored (reached end-of-life)
hirsute_tcpdump: not-affected (4.9.3-7)
impish_tcpdump: not-affected (4.99.0-2)
jammy_tcpdump: not-affected (4.99.0-2)
devel_tcpdump: not-affected (4.99.0-2)