Add CVE-2023-39197

author: Salvatore Bonaccorso <carnil@debian.org> 2023-11-09 22:48:36 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-11-09 22:48:36 +0100
commit: 9ad2e3bea31e045e0c3e67412ba06b937dc7e5b8 (patch)
tree: 2f777111f23e69e63033dc96755a8e384cf81ee0 /active/CVE-2023-39197
parent: 5e855f2ac2cfbebf82aad6d1c8ef7fa9f26f1ef7 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2023-39197 b/active/CVE-2023-39197
new file mode 100644
index 000000000..a12645834
--- /dev/null
+++ b/active/CVE-2023-39197
@@ -0,0 +1,16 @@
+Description: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2218342
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-21202
+Notes:
+ carnil> Commit fixes 2bc780499aa3 ("[NETFILTER]: nf_conntrack: add DCCP
+ carnil> protocol support").
+Bugs:
+upstream: released (6.5-rc1) [ff0a3a7d52ff7282dbd183e7fc29a1fe386b0c30]
+6.1-upstream-stable: released (6.1.39) [26bd1f210d3783a691052c51d76bb8a8bbd24c67]
+5.10-upstream-stable: released (5.10.188) [9bdcda7abaf22f6453e5b5efb7eb4e524095d5d8]
+4.19-upstream-stable: needed
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2023-11-09 22:48:36 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-11-09 22:48:36 +0100
commit	9ad2e3bea31e045e0c3e67412ba06b937dc7e5b8 (patch)
tree	2f777111f23e69e63033dc96755a8e384cf81ee0 /active/CVE-2023-39197
parent	5e855f2ac2cfbebf82aad6d1c8ef7fa9f26f1ef7 (diff)