CVE-2016-7993
tcpdump: multiple overflow issues in protocol decoding
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).
Un error interno en util-print.c:relts_print() en tcpdump en versiones anteriores a 4.9.0 podría provocar un desbordamiento de búfer en múltiples analizadores de protocolo (DNS, DVMRP, HSRP, IGMP, protocolo ligero de resolución, PIM).
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2017-01-28 CVE Published
- 2024-07-10 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/95852 | Third Party Advisory | |
| http://www.securitytracker.com/id/1037755 | Vdb Entry | |
| https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3775 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2017:1871 | 2023-11-07 | |
| https://security.gentoo.org/glsa/201702-30 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2016-7993 | 2017-08-01 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1419066 | 2017-08-01 |