CVE-2018-19519
tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
En la versión 4.9.2 de tcpdump, existe un una sobrelectura de búfer basada en pila en la función print_prefix de print-hncp.c mediante un paquete de datos manipulado debido a la falta de una inicialización.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-11-25 CVE Reserved
- 2018-11-25 CVE Published
- 2024-04-17 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
- CWE-909: Missing Initialization of Resource
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/106098 | Third Party Advisory | |
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://github.com/zyingp/temp/blob/master/tcpdump.md | 2024-08-05 |
URL | Date | SRC |
---|