Bug#1038975: sngrep: CVE-2023-36192
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 23 21:50:28 BST 2023
Source: sngrep
Version: 1.7.0-1
Severity: normal
Tags: security upstream
Forwarded: https://github.com/irontec/sngrep/issues/438
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for sngrep.
CVE-2023-36192[0]:
| Sngrep v1.6.0 was discovered to contain a heap buffer overflow via
| the function capture_ws_check_packet at /src/capture.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-36192
https://www.cve.org/CVERecord?id=CVE-2023-36192
[1] https://github.com/irontec/sngrep/issues/438
[2] https://github.com/irontec/sngrep/commit/ad1daf15c8387bfbb48097c25197bf330d2d98fc
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-voip-maintainers
mailing list