CVSS: 6.8EPSS: 17%CPEs: 1EXPL: 2CVE-2015-2153 – TcpDump - rpki_rtr_pdu_print Out-of-Bounds Denial of Service
https://notcve.org/view.php?id=CVE-2015-2153
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). La función rpki_rtr_pdu_print en print-rpki-rtr.c en la impresora TCP en tcpdump anterior a 4.7.2 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída) a través de una longitud de cabecera manipulada en una unidad de datos de protocolos (PDU) RPKI-RTR. tcpdump suffers from a rpki_rtr_pdu_print denial of service vulnerability. Versions affected include 4.6.2, 4.5.1, and 4.4.0. • https://www.exploit-db.com/exploits/37663 https://github.com/arntsonl/CVE-2015-2153 http://advisories.mageia.org/MGASA-2015-0114.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html http://www.debian.org/security/2015/dsa-3193 http&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 11%CPEs: 1EXPL: 0CVE-2015-2154 – tcpdump: ethernet printer osi_print_cksum() missing sanity checks out-of-bounds read
https://notcve.org/view.php?id=CVE-2015-2154
The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. La función osi_print_cksum en print-isoclns.c en la impresora ethernet en tcpdump anterior a 4.7.2 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída) a través de un valor de (1) longitud, (2) desplazamiento, o (3) checksum de puntero base. • http://advisories.mageia.org/MGASA-2015-0114.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html http://www.debian.org/security/2015/dsa-3193 http://www.mandriva.com/security/advisories?name=MDVSA-2015:125 http://www.mandriva.com/sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2015-2155 – tcpdump: force printer vulnerability
https://notcve.org/view.php?id=CVE-2015-2155
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. La impresora de fuerza en tcpdump en versiones anteriores a 4.7.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores no especificados. • http://advisories.mageia.org/MGASA-2015-0114.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html http://www.debian.org/security/2015/dsa-3193 http://www.mandriva.com/security/advisories?name=MDVSA-2015:125 http://www.mandriva.com/security/advisories?name=MDVSA-2015:182 http://www.oracle.com/technetwork/topics/ •
CVSS: 5.0EPSS: 13%CPEs: 1EXPL: 1CVE-2014-9140
https://notcve.org/view.php?id=CVE-2014-9140
Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. Desbordamiento de buffer en la función ppp_hdlc en print-ppp.c en tcpdump 4.6.2 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) a través de un paquete PPP manipulado. • http://advisories.mageia.org/MGASA-2014-0511.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html http://seclists.org/tcpdump/2014/q4/72 http://www.debian.org/security/2014/dsa-3086 http://www.debian.org/security/2015/dsa-3193 http://www.mandriva.com/security/advisories?name=MDVSA-2014:240 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 5%CPEs: 23EXPL: 3CVE-2014-8769 – tcpdump 4.6.2 AOVD Unreliable Output
https://notcve.org/view.php?id=CVE-2014-8769
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. tcpdump 3.8 hasta 4.6.2 podría permitir a atacantes remotos obtener información sensible de la memoria o causar una denegación de servicio ( paquetes perdidos o fallo de segmentación) a través de un paquete manipulado Ad hoc On-Demand Distance (AODV), que desencadena un acceso a memoria fuera de rango. It was found out that malformed network traffic (AOVD-based) can lead to an abnormal behavior if verbose output of tcpdump monitoring the network is used. Affected versions are 3.8 through 4.6.2. • http://advisories.mageia.org/MGASA-2014-0503.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html http://seclists.org/fulldisclosure/2014/Nov/49 http://www.debian.org/security/2014/dsa-3086 http://www.mandriva.com/security/advisories?name=MDVSA-2014:240 http://www.mandriva.com/security/advisories?name=MDVSA-2015:125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •