Lucene search

K
redhatcveRedhat.comRH:CVE-2016-7931
HistoryFeb 03, 2017 - 3:52 p.m.

CVE-2016-7931

2017-02-0315:52:23
redhat.com
access.redhat.com
16
tcpdump
protocol decoding
vulnerability
crafted packets
live capture mode

EPSS

0.015

Percentile

87.1%

Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop.

Mitigation

When invoked with the "-w" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.