History: Jul 02, 2021 - 6:15 p.m.

Advisory ROSA-SA-2021-1985

2021-07-02 18:15:22
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.012 Low
Percentile: 85.3%

Software: tcpdump 4.9.2
OS: Cobalt 7.9

CVE-ID: CVE-2017-16808
CVE-Crit: MEDIUM
CVE-DESC: tcpdump before 4.9.3 has a heap-based buffer over-read associated with aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10103
CVE-Crit: CRITICAL
CVE-DESC: tcpdump before 4.9.3 does not properly handle SMB data printing (problem 1 of 2).
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2018-10105
CVE-Crit: CRITICAL
CVE-DESC: tcpdump before 4.9.3 does not properly handle SMB data printing (problem 2 of 2).
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2018-14461
CVE-Crit: HIGH
CVE-DESC: The LDP parser in tcpdump before 4.9.3 has a buffer overflow in print-ldp.c:ldp_tlv_print().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14462
CVE-Crit: HIGH
CVE-DESC: The ICMP parser in tcpdump before 4.9.3 has a buffer overflow in print-icmp.c:icmp_print().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14463
CVE-Crit: HIGH
CVE-DESC: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14464
CVE-Crit: HIGH
CVE-DESC: The LMP parser in tcpdump before 4.9.3 has a buffer overflow in print-lmp.c:lmp_print_data_link_subobjs().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14465
CVE-Crit: HIGH
CVE-DESC: The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14466
CVE-Crit: HIGH
CVE-DESC: The Rx analyzer in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14467
CVE-Crit: HIGH
CVE-DESC: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14468
CVE-Crit: HIGH
CVE-DESC: The FRF.16 parser in tcpdump before 4.9.3 has a buffer overflow in print-fr.c:mfr_print().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14469
CVE-Crit: HIGH
CVE-DESC: The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14470
CVE-Crit: HIGH
CVE-DESC: The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14879
CVE-Crit: HIGH
CVE-DESC: The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14880
CVE-Crit: HIGH
CVE-DESC: The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14881
CVE-Crit: HIGH
CVE-DESC: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14882
CVE-Crit: HIGH
CVE-DESC: ICMPv6 parser in tcpdump before 4.9.3 has a buffer overflow in print-icmp6.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-16300
CVE-Crit: HIGH
CVE-DESC: The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() due to unrestricted recursion.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-16452
CVE-Crit: HIGH
CVE-DESC: The SMB analyzer in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() due to recursion.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-16227
CVE-Crit: HIGH
CVE-DESC: The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-16228
CVE-Crit: HIGH
CVE-DESC: The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-16229
CVE-Crit: HIGH
CVE-DESC: The DCCP parser in tcpdump before 4.9.3 has a buffer overflow in print-dccp.c:dccp_print_option().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-16230
CVE-Crit: HIGH
CVE-DESC: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-16451
CVE-Crit: HIGH
CVE-DESC: The SMB analyzer in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2019-1010220
CVE-Crit: LOW
CVE-DESC: tcpdump.org tcpdump 4.9.2 is affected by CWE-126: buffer overflow. Impact: may expose the saved frame pointer, return address, etc. on the stack. Component: line 234, "ND_PRINT((ndo, "%s", buf));", in the function named "print_prefix" in "print-hncp.c". Attack vector: the victim must open a specially crafted pcap file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-15166
CVE-Crit: HIGH
CVE-DESC: lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package  Version  Filename
Cobalt  any      noarch        tcpdump  < 4.9.2  UNKNOWN
