CVE-2017-13002
Gentoo Linux Security Advisory 201709-23
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().
El analizador sintáctico AODV en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-aodv.c:aodv_extension().
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 4.9.2-1~deb8u1. For the stable distribution (stretch), these problems have been fixed in version 4.9.2-1~deb9u1. For the testing distribution (buster), these problems have been fixed in version 4.9.2-1 or earlier versions. For the unstable distribution (sid), these problems have been fixed in version 4.9.2-1 or earlier versions.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-21 CVE Reserved
- 2017-09-09 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1039307 | Vdb Entry | |
| https://support.apple.com/HT208221 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/the-tcpdump-group/tcpdump/commit/cbddb98484ea8ec1deece351abd56e063d775b38 | 2019-10-03 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3971 | 2019-10-03 | |
| http://www.tcpdump.org/tcpdump-changes.txt | 2019-10-03 | |
| https://access.redhat.com/errata/RHEA-2018:0705 | 2019-10-03 | |
| https://security.gentoo.org/glsa/201709-23 | 2019-10-03 |