Low: tcpdump

🗓️ 14 Jan 2020 00:00:00Reported by AmazonType

A stack-based buffer over-read exists in tcpdump 4.9.2 due to missing initialization (CVE-2018-19519). Update tcpdump to version 4.9.2-4.amzn2.1 to resolve

Reporter	Title	Published	Views	Family All 129
IBM Security Bulletins	Security Bulletin: IBM MQ Appliance is affected by a tcpdump vulnerability (CVE-2018-19519)	22 Apr 202009:29	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in tcpdump affects AIX (CVE-2018-19519)	9 Apr 201916:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by a tcpdump vulnerability (CVE-2018-19519)	27 Mar 202008:10	–	ibm
Tenable Nessus	AIX 7.1 TL 4 : tcpdump (IJ12979)	26 Feb 201900:00	–	nessus
Tenable Nessus	AIX 7.1 TL 5 : tcpdump (IJ12980)	26 Feb 201900:00	–	nessus
Tenable Nessus	AIX 7.2 TL 1 : tcpdump (IJ12981)	26 Feb 201900:00	–	nessus
Tenable Nessus	AIX 7.2 TL 2 : tcpdump (IJ12982)	26 Feb 201900:00	–	nessus
Tenable Nessus	AIX 7.2 TL 3 : tcpdump (IJ12983)	26 Feb 201900:00	–	nessus
Tenable Nessus	Amazon Linux 2 : tcpdump (ALAS-2020-1385)	21 Jan 202000:00	–	nessus
Tenable Nessus	CentOS 7 : tcpdump (CESA-2019:3976)	4 Dec 201900:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	tcpdump	4.9.2-4.amzn2.1	tcpdump-4.9.2-4.amzn2.1.aarch64.rpm
Amazon Linux	2	i686	tcpdump	4.9.2-4.amzn2.1	tcpdump-4.9.2-4.amzn2.1.i686.rpm
Amazon Linux	2	x86_64	tcpdump	4.9.2-4.amzn2.1	tcpdump-4.9.2-4.amzn2.1.x86_64.rpm
Amazon Linux	2	aarch64	tcpdump-debuginfo	4.9.2-4.amzn2.1	tcpdump-debuginfo-4.9.2-4.amzn2.1.aarch64.rpm
Amazon Linux	2	i686	tcpdump-debuginfo	4.9.2-4.amzn2.1	tcpdump-debuginfo-4.9.2-4.amzn2.1.i686.rpm
Amazon Linux	2	x86_64	tcpdump-debuginfo	4.9.2-4.amzn2.1	tcpdump-debuginfo-4.9.2-4.amzn2.1.x86_64.rpm

17 Jan 2020 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.3

CVSS 35.5

EPSS0.00383