Date: Tue, 3 Sep 2024 19:40:54 +0200 (CEST)
From: henrichhartzer@tuta.io
To: James Watt
Cc: Freebsd Security
Subject: Re: Security Vulnerability - Action Required: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability may in your project
List-Id: Security issues
List-Archive: https://lists.freebsd.org/archives/freebsd-security

> Hi, there
>
> we have detected that your project may be vulnerable to Loop with Unreachable Exit Condition ('Infinite Loop') in the function of `ppp_hdlc` in the file of `contrib/tcpdump/print-ppp.c`. It shares similarities to a recent CVE disclosure [CVE-2024-2397](https://nvd.nist.gov/vuln/detail/CVE-2024-2397) in the https://github.com/the-tcpdump-group/tcpdump
>
> **The source vulnerability information is as follows:**
>
> > Vulnerability Detail:
> > CVE Identifier: CVE-2024-2397
> > Description: Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.
> > Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-2397
> > Patch: https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2
>
> Would you help to check if this bug is true? If it's true, I'd like to open a PR for that if necessary. Thank you for your effort and patience!
>
> Best regards,
> James
>

Hi James,

I can't speak authoritatively here at all. Not a committer to src or anything like that, nor a FreeBSD security expert.

I do appreciate your concern for FreeBSD, though! And I think this was merged in already: https://cgit.freebsd.org/src/commit/contrib/tcpdump/print-ppp.c?id=f8860353d4f4c25bacdae5bc1cfb7a95edc9bfe0

Might be worth having another glance over it. I don't see an advisory published, but I'm not sure if that was pushed into a release or not.

https://www.freebsd.org/security/advisories/

Thanks!

-Henrich