CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-7932 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2016-7932
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum(). El analizador PIM en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-pim.c:pimv2_check_checksum(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. • http://www.debian.org/security/2017/dsa-3775 http://www.securityfocus.com/bid/95852 http://www.securitytracker.com/id/1037755 https://access.redhat.com/errata/RHSA-2017:1871 https://security.gentoo.org/glsa/201702-30 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html https://access.redhat.com/security/cve/CVE-2016-7932 https://bugzilla.redhat.com/show_bug.cgi?id=1419066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-7935 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2016-7935
The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). El analizador RTP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-udp.c:rtp_print(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. • http://www.debian.org/security/2017/dsa-3775 http://www.securityfocus.com/bid/95852 http://www.securitytracker.com/id/1037755 https://access.redhat.com/errata/RHSA-2017:1871 https://security.gentoo.org/glsa/201702-30 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html https://access.redhat.com/security/cve/CVE-2016-7935 https://bugzilla.redhat.com/show_bug.cgi?id=1419066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-7938 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2016-7938
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). El analizador ZeroMQ en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de entero en print-zeromq.c:zmtp1_print_frame(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. • http://www.debian.org/security/2017/dsa-3775 http://www.securityfocus.com/bid/95852 http://www.securitytracker.com/id/1037755 https://access.redhat.com/errata/RHSA-2017:1871 https://security.gentoo.org/glsa/201702-30 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html https://access.redhat.com/security/cve/CVE-2016-7938 https://bugzilla.redhat.com/show_bug.cgi?id=1419066 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8575 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2016-8575
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482. El analizador Q.933 en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-fr.c:q933_print(), una vulnerabilidad diferente a CVE-2017-5482. Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. • http://www.debian.org/security/2017/dsa-3775 http://www.securityfocus.com/bid/95852 http://www.securitytracker.com/id/1037755 https://access.redhat.com/errata/RHSA-2017:1871 https://security.gentoo.org/glsa/201702-30 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html https://access.redhat.com/security/cve/CVE-2016-8575 https://bugzilla.redhat.com/show_bug.cgi?id=1419066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 30%CPEs: 12EXPL: 0CVE-2017-5202 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2017-5202
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). El analizador ISO CLNS en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-isoclns.c:clnp_print(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. • http://www.debian.org/security/2017/dsa-3775 http://www.securityfocus.com/bid/95852 http://www.securitytracker.com/id/1037755 https://access.redhat.com/errata/RHSA-2017:1871 https://security.gentoo.org/glsa/201702-30 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html https://access.redhat.com/security/cve/CVE-2017-5202 https://bugzilla.redhat.com/show_bug.cgi?id=1419066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •