CVE-2017-11108

2017-07-0817:29:00

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

78.8%

JSON

tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.

CPENameOperatorVersion
tcpdumpeq4.5.1-r0
tcpdumpeqtcpdump-3.7.1
tcpdumpeq4.6.1-r2
tcpdumpeq4.9.0-r1
tcpdumpeqtcpdump-3.8-bp
tcpdumpeq4.3.0-r2
tcpdumpeq4.9.0-r2
tcpdumpeq4.6.2-r0
tcpdumpeq4.1.1-r2
tcpdumpeq4.7.4-r0

Name	Operator	Version
tcpdump	eq	4.5.1-r0
tcpdump	eq	tcpdump-3.7.1
tcpdump	eq	4.6.1-r2
tcpdump	eq	4.9.0-r1
tcpdump	eq	tcpdump-3.8-bp
tcpdump	eq	4.3.0-r2
tcpdump	eq	4.9.0-r2
tcpdump	eq	4.6.2-r0
tcpdump	eq	4.1.1-r2
tcpdump	eq	4.7.4-r0