// For flags

CVE-2018-14463

tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

1.1%
*EPSS

Affected Versions

14
*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.

El analizador de VRRP en tcpdump versiones anteriores a 4.9.3 presenta una lectura excesiva del búfer en print-vrrp.c:vrrp_print() para la versión 2 de VRRP, una vulnerabilidad diferente a la CVE-2019-15167.

An out-of-bounds read vulnerability was discovered in tcpdump while printing VRRP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.

Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include denial of service and remote shell upload vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-07-20 CVE Reserved
  • 2019-10-01 CVE Published
  • 2023-04-06 First Exploit
  • 2024-08-05 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
References (19)
Affected Vendors, Products, and Versions (14)