CVE-2019-11360

NameCVE-2019-11360
DescriptionA buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
iptables (PTS)stretch1.6.0+snapshot20161117-6vulnerable
buster1.8.2-4vulnerable
bullseye, sid1.8.5-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iptablessource(unstable)1.8.3-2unimportant

Notes

https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e (1.8.3)
https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/
Negligible security impact
Search for package or bug name: Reporting problems