From 32af00b05a6ef573d0b340f97b54c13eb9509dc7 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Date: Thu, 6 Dec 2018 12:18:38 +0100 Subject: [PATCH] CVE-2018-19519 buffer overread. Initialize buf in print-hncp.c:print_prefix. --- print-hncp.c | 2 ++ 1 file changed, 2 insertions(+) Index: tcpdump-4.9.2/print-hncp.c =================================================================== --- tcpdump-4.9.2.orig/print-hncp.c +++ tcpdump-4.9.2/print-hncp.c @@ -206,6 +206,8 @@ print_prefix(netdissect_options *ndo, co int plenbytes; char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")]; + buf[0] = '\0'; + if (prefix[0] >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 && is_ipv4_mapped_address(&prefix[1])) { struct in_addr addr;