CVE-2024-52949

Name: CVE-2024-52949
Description: iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1090381

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| iptraf-ng (PTS) | bookworm, bullseye | 1:1.2.1-1 | vulnerable |
| iptraf-ng (PTS) | sid, trixie | 1:1.2.1-2 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| iptraf-ng | source | (unstable) | (unfixed) | unimportant | | 1090381 |

Notes

https://github.com/iptraf-ng/iptraf-ng/commit/2b623e991115358a57275af8a53feb5ae707b3ae (v1.2.2)
Negligible security impact
