
CVE-2018-16230 – tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c
https://notcve.org/view.php?id=CVE-2018-16230
01 Oct 2019 — The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applic... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-125: Out-of-bounds Read

CVE-2018-16300 – tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c
https://notcve.org/view.php?id=CVE-2018-16300
01 Oct 2019 — The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. An uncontrolled resource consumption flaw was discovered in the way tcpdump prints BGP packets. The BGP protocol allows ATTR_SET to be nested as many times as the message can accommodate, however when a specially crafted packet i... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-400: Uncontrolled Resource Consumption • CWE-674: Uncontrolled Recursion

CVE-2018-16451 – tcpdump: Buffer over-read in print_trans() function in print-smb.c
https://notcve.org/view.php?id=CVE-2018-16451
01 Oct 2019 — The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade pers... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-125: Out-of-bounds Read

CVE-2018-16452 – tcpdump: Resource exhaustion in smb_fdata() function in smbutil.c
https://notcve.org/view.php?id=CVE-2018-16452
01 Oct 2019 — The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-400: Uncontrolled Resource Consumption • CWE-674: Uncontrolled Recursion

CVE-2018-10103 – tcpdump: SMB data printing mishandled
https://notcve.org/view.php?id=CVE-2018-10103
01 Oct 2019 — tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed in... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-20: Improper Input Validation

CVE-2018-10105 – tcpdump: SMB data printing mishandled
https://notcve.org/view.php?id=CVE-2018-10105
01 Oct 2019 — tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed in... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-20: Improper Input Validation

CVE-2018-16301 – Ubuntu Security Notice USN-5331-2
https://notcve.org/view.php?id=CVE-2018-16301
01 Oct 2019 — The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. • https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write

CVE-2019-1010220 – openSUSE Security Advisory - openSUSE-SU-2019:2344-1
https://notcve.org/view.php?id=CVE-2019-1010220
22 Jul 2019 — tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html • CWE-125: Out-of-bounds Read • CWE-126: Buffer Over-read

CVE-2018-19519 – tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap
https://notcve.org/view.php?id=CVE-2018-19519
25 Nov 2018 — In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. USN-4252-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Mul... • http://www.securityfocus.com/bid/106098 • CWE-125: Out-of-bounds Read • CWE-909: Missing Initialization of Resource

CVE-2017-16808 – Ubuntu Security Notice USN-4252-2
https://notcve.org/view.php?id=CVE-2017-16808
13 Nov 2017 — tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. USN-4252-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Multiple security issues were discovered in tcpdump. A remote... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html • CWE-125: Out-of-bounds Read