CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-14467 – tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c
https://notcve.org/view.php?id=CVE-2018-14467
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). El analizador BGP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-14461 – tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c
https://notcve.org/view.php?id=CVE-2018-14461
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). El analizador LDP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-ldp.c:ldp_tlv_print(). An out-of-bounds read vulnerability was discovered in tcpdump while printing LDP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-14469 – tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c
https://notcve.org/view.php?id=CVE-2018-14469
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). El analizador IKEv1 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-isakmp.c:ikev1_n_print(). An out-of-bounds read vulnerability was discovered in tcpdump while printing ISAKMP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-14462 – tcpdump: Buffer over-read in icmp_print() function in print-icmp.c
https://notcve.org/view.php?id=CVE-2018-14462
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). El analizador ICMP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-icmp.c:icmp_print(). An out-of-bounds read flaw was discovered in tcpdump while printing ICMP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. System availability is the highest threat from this vulnerability • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-14464 – tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c
https://notcve.org/view.php?id=CVE-2018-14464
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). El analizador LMP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-lmp.c:lmp_print_data_link_subobjs(). An out-of-bounds read vulnerability was discovered in tcpdump while printing LMP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •