CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-16452 – tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c
https://notcve.org/view.php?id=CVE-2018-16452
01 Oct 2019 — The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. El analizador SMB en tcpdump versiones anteriores a 4.9.3, presenta un agotamiento de pila en smbutil.c:smb_fdata() mediante la recursividad. Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2018-16230 – tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c
https://notcve.org/view.php?id=CVE-2018-16230
01 Oct 2019 — The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). El analizador BGP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applic... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2018-16228 – tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c
https://notcve.org/view.php?id=CVE-2018-16228
01 Oct 2019 — The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). El analizador HNCP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-hncp.c:print_prefix(). A flaw was found in tcpdump where an uninitialized buffer is accessed in tcpdump while printing HNCP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and cr... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-125: Out-of-bounds Read CWE-665: Improper Initialization •
CVSS: 7.0EPSS: 1%CPEs: 13EXPL: 1CVE-2018-14879 – tcpdump: Out of bounds read/write in in get_next_file() in tcpdump.c
https://notcve.org/view.php?id=CVE-2018-14879
01 Oct 2019 — The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). El analizador de argumentos de la línea de comandos en tcpdump versiones anteriores a 4.9.3, presenta un desbordamiento de búfer en tcpdump.c:get_next_file(). An out-of-bounds write vulnerability was discovered in tcpdump while reading the file passed to the -V option of the command line program. An attacker may abuse this flaw by tricking a victim user into using a malicious file with the -V option,... • https://github.com/Trinadh465/external_tcpdump_CVE-2018-14879 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 15%CPEs: 12EXPL: 0CVE-2018-16227 – tcpdump: Buffer over-read in print-802_11.c
https://notcve.org/view.php?id=CVE-2018-16227
01 Oct 2019 — The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. El analizador IEEE 802.11 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en el archivo print-802_11.c para el subcampo Mesh Flags. An out-of-bounds read vulnerability was discovered in tcpdump while printing IEEE 802.11 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 13%CPEs: 14EXPL: 0CVE-2018-16229 – tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c
https://notcve.org/view.php?id=CVE-2018-16229
01 Oct 2019 — The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). El analizador DCCP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-dccp.c:dccp_print_option(). An out-of-bounds read vulnerability was discovered in tcpdump while printing DCCP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the a... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010220
https://notcve.org/view.php?id=CVE-2019-1010220
22 Jul 2019 — tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. tcpdump de tcpdump.org versión 4.9.2 está afectado por: CWE-126: Sobrecarga del Búfer. El impacto es: puede exponer el Puntero Frame Guardado, la Dirección de Retorno, etc. en la p... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19519 – tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap
https://notcve.org/view.php?id=CVE-2018-19519
25 Nov 2018 — In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. En la versión 4.9.2 de tcpdump, existe un una sobrelectura de búfer basada en pila en la función print_prefix de print-hncp.c mediante un paquete de datos manipulado debido a la falta de una inicialización. USN-4252-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Mul... • http://www.securityfocus.com/bid/106098 • CWE-125: Out-of-bounds Read CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-16808 – Ubuntu Security Notice USN-4252-2
https://notcve.org/view.php?id=CVE-2017-16808
13 Nov 2017 — tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. tcpdump en versiones anteriores a la 4.9.3 tiene una lectura en exceso del búfer en la región heap de la memoria relacionada con aoe_print en print-aoe.c y lookup_emem en addrtoname.c. USN-4252-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Multiple security issues were discovered in tcpdump. A remote... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-3138
https://notcve.org/view.php?id=CVE-2015-3138
27 Sep 2017 — print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). print-wb.c en tcpdump en versiones anteriores a la 4.7.4 permite que los atacantes provoquen una denegación de servicio (fallo de segmentación y cierre inesperado del proceso). • http://lists.opensuse.org/opensuse-updates/2017-05/msg00018.html • CWE-20: Improper Input Validation •