CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19519 – tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap
https://notcve.org/view.php?id=CVE-2018-19519
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. En la versión 4.9.2 de tcpdump, existe un una sobrelectura de búfer basada en pila en la función print_prefix de print-hncp.c mediante un paquete de datos manipulado debido a la falta de una inicialización. • http://www.securityfocus.com/bid/106098 https://access.redhat.com/errata/RHSA-2019:3976 https://github.com/zyingp/temp/blob/master/tcpdump.md https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN https://lists.fedoraproject.org/archives/list/package-announce%40list • CWE-125: Out-of-bounds Read CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16808
https://notcve.org/view.php?id=CVE-2017-16808
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. tcpdump en versiones anteriores a la 4.9.3 tiene una lectura en exceso del búfer en la región heap de la memoria relacionada con aoe_print en print-aoe.c y lookup_emem en addrtoname.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html http://seclists.org/fulldisclosure/2019/Dec/26 http://www.securitytracker.com/id/1039773 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpd • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-3138
https://notcve.org/view.php?id=CVE-2015-3138
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). print-wb.c en tcpdump en versiones anteriores a la 4.7.4 permite que los atacantes provoquen una denegación de servicio (fallo de segmentación y cierre inesperado del proceso). • http://lists.opensuse.org/opensuse-updates/2017-05/msg00018.html https://bugzilla.redhat.com/show_bug.cgi?id=1212342 https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70 https://github.com/the-tcpdump-group/tcpdump/issues/446 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13002
https://notcve.org/view.php?id=CVE-2017-13002
The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). El analizador sintáctico AODV en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-aodv.c:aodv_extension(). • http://www.debian.org/security/2017/dsa-3971 http://www.securitytracker.com/id/1039307 http://www.tcpdump.org/tcpdump-changes.txt https://access.redhat.com/errata/RHEA-2018:0705 https://github.com/the-tcpdump-group/tcpdump/commit/cbddb98484ea8ec1deece351abd56e063d775b38 https://security.gentoo.org/glsa/201709-23 https://support.apple.com/HT208221 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13013
https://notcve.org/view.php?id=CVE-2017-13013
The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. El analizador sintáctico ARP en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-arp.c en varias funciones. • http://www.debian.org/security/2017/dsa-3971 http://www.securitytracker.com/id/1039307 http://www.tcpdump.org/tcpdump-changes.txt https://access.redhat.com/errata/RHEA-2018:0705 https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc https://security.gentoo.org/glsa/201709-23 https://support.apple.com/HT208221 • CWE-125: Out-of-bounds Read •