CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16300 – tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c
https://notcve.org/view.php?id=CVE-2018-16300
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. El analizador BGP en tcpdump versiones anteriores a 4.9.3, permite el consumo de pila en print-bgp.c:bgp_attr_print() debido a una recursividad ilimitada. An uncontrolled resource consumption flaw was discovered in the way tcpdump prints BGP packets. The BGP protocol allows ATTR_SET to be nested as many times as the message can accommodate, however when a specially crafted packet is crafted and parsed by tcpdump, this may lead to stack exhaustion due to uncontrolled recursion. System availability is the highest threat from this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-16451 – tcpdump: Buffer over-read in print_trans() function in print-smb.c
https://notcve.org/view.php?id=CVE-2018-16451
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. El analizador SMB en tcpdump versiones anteriores a 4.9.3, presenta lecturas excesivas del búfer en print-smb.c:print_trans() para \MAILSLOT\BROWSE y \PIPE\LANMAN. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16452 – tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c
https://notcve.org/view.php?id=CVE-2018-16452
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. El analizador SMB en tcpdump versiones anteriores a 4.9.3, presenta un agotamiento de pila en smbutil.c:smb_fdata() mediante la recursividad. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/24182d959f661327525a20d9a94c98a8ec016778 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2019-15166 – lmp_print in tcpdump lacks certain boundary checks
https://notcve.org/view.php?id=CVE-2019-15166
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. La función lmp_print_data_link_subobjs() en el archivo print-lmp.c en tcpdump versiones anteriores a 4.9.3, carece de ciertas comprobaciones de límites. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-10103 – tcpdump: SMB data printing mishandled
https://notcve.org/view.php?id=CVE-2018-10103
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). tcpdump versiones anteriores a 4.9.3, maneja inapropiadamente la impresión de datos SMB (problema 1 de 2). • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN https://lists.fedoraproject.org/archives/list/package&# • CWE-20: Improper Input Validation •