| Package | tcpdump |
|---|---|
| Version | 4.9.3-1~deb8u2 |
| Related CVEs | CVE-2020-8037 |
The ppp de-capsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
The buffer should be big enough to hold the captured data, but it doesn’t need to be big enough to hold the entire on-the-network packet, if we haven’t captured all of it.
For Debian 8 jessie, these problems have been fixed in version 4.9.3-1~deb8u2.
We recommend that you upgrade your tcpdump packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.