DEBIAN-CVE-2018-14938

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2018-14938
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-14938.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2018-14938
Upstream
Published
2018-08-05T03:29:00Z
Modified
2025-09-30T03:54:23Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handleprism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).

References

Affected packages

Debian:11 / tcpflow

Package

Name
tcpflow
Purl
pkg:deb/debian/tcpflow?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.0+repack1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / tcpflow

Package

Name
tcpflow
Purl
pkg:deb/debian/tcpflow?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.0+repack1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / tcpflow

Package

Name
tcpflow
Purl
pkg:deb/debian/tcpflow?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.0+repack1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / tcpflow

Package

Name
tcpflow
Purl
pkg:deb/debian/tcpflow?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.0+repack1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}