CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12995
https://notcve.org/view.php?id=CVE-2017-12995
The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). El analizador sintáctico DNS en tcpdump en versiones anteriores a la 4.9.2 podría introducir un bucle infinito por un fallo en print-domain.c:ns_print(). • http://www.debian.org/security/2017/dsa-3971 http://www.securitytracker.com/id/1039307 http://www.tcpdump.org/tcpdump-changes.txt https://access.redhat.com/errata/RHEA-2018:0705 https://github.com/the-tcpdump-group/tcpdump/commit/3a76fd7c95fced2c2f8c8148a9055c3a542eff29 https://security.gentoo.org/glsa/201709-23 https://support.apple.com/HT208221 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12996
https://notcve.org/view.php?id=CVE-2017-12996
The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). El analizador sintáctico PIMv2 en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-pim.c:pimv2_print(). • http://www.debian.org/security/2017/dsa-3971 http://www.securitytracker.com/id/1039307 http://www.tcpdump.org/tcpdump-changes.txt https://access.redhat.com/errata/RHEA-2018:0705 https://github.com/the-tcpdump-group/tcpdump/commit/6fca58f5f9c96749a575f52e20598ad43f5bdf30 https://security.gentoo.org/glsa/201709-23 https://support.apple.com/HT208221 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12997
https://notcve.org/view.php?id=CVE-2017-12997
The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). El analizador sintáctico LLDP en tcpdump en versiones anteriores a la 4.9.2 podría introducir un bucle infinito por un fallo en print-lldp.c:lldp_private_8021_print(). • http://www.debian.org/security/2017/dsa-3971 http://www.securityfocus.com/bid/100914 http://www.securitytracker.com/id/1039307 http://www.tcpdump.org/tcpdump-changes.txt https://access.redhat.com/errata/RHEA-2018:0705 https://github.com/the-tcpdump-group/tcpdump/commit/34cec721d39c76be1e0a600829a7b17bdfb832b6 https://security.gentoo.org/glsa/201709-23 https://support.apple.com/HT208221 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5482 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2017-5482
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575. El analizador Q.933 en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-fr.c:q933_print(), una vulnerabilidad diferente a CVE-2016-8575. Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. • http://www.debian.org/security/2017/dsa-3775 http://www.securityfocus.com/bid/95852 http://www.securitytracker.com/id/1037755 https://access.redhat.com/errata/RHSA-2017:1871 https://security.gentoo.org/glsa/201702-30 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html https://access.redhat.com/security/cve/CVE-2017-5482 https://bugzilla.redhat.com/show_bug.cgi?id=1419066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5483 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2017-5483
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse(). El analizador SNMP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-snmp.c:asn1_parse(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. • http://www.debian.org/security/2017/dsa-3775 http://www.securityfocus.com/bid/95852 http://www.securitytracker.com/id/1037755 https://access.redhat.com/errata/RHSA-2017:1871 https://security.gentoo.org/glsa/201702-30 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html https://access.redhat.com/security/cve/CVE-2017-5483 https://bugzilla.redhat.com/show_bug.cgi?id=1419066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •