Data Processing (IBB): CVE-2017-5482 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print().

2017-02-02T17:26:49
ID H1:202969
Type hackerone
Reporter geeknik
Modified 2019-10-08T20:31:56

Description

Reported to the project maintainers in 2016. Regardless of CVE-2016-8575 q933_print() still could overread the buffer trying to parse a short packet. Fixed by https://github.com/the-tcpdump-group/tcpdump/commit/c39c1d99ac3b6d5d9519b39da6717180651650d3.