Tcpdump Security Vulnerabilities
TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
7.2AI Score
0.551EPSS
Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonst...
7.3AI Score
0.65EPSS
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-bas...
9.2AI Score
0.049EPSS
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
9.8CVSS
9.8AI Score
0.687EPSS
pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.
9.8CVSS
9.4AI Score
0.007EPSS
Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.
9.6AI Score
0.067EPSS
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).
8.8AI Score
0.171EPSS
The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.
8.7AI Score
0.111EPSS
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
9.5AI Score
0.026EPSS
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
7.5CVSS
8.1AI Score
0.005EPSS
The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().
9.8CVSS
9.5AI Score
0.015EPSS
The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().
9.8CVSS
9.5AI Score
0.015EPSS
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().
9.8CVSS
9.5AI Score
0.015EPSS
The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
9.8CVSS
9.5AI Score
0.015EPSS
The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
9.8CVSS
9.5AI Score
0.015EPSS
The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().
9.8CVSS
9.5AI Score
0.015EPSS
The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
9.8CVSS
9.5AI Score
0.015EPSS
The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().
9.8CVSS
9.5AI Score
0.015EPSS
The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
9.8CVSS
9.5AI Score
0.015EPSS
The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
9.8CVSS
9.5AI Score
0.015EPSS
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
9.8CVSS
9.5AI Score
0.015EPSS
The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
9.8CVSS
9.5AI Score
0.015EPSS
The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().
9.8CVSS
9.5AI Score
0.015EPSS
The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().
9.8CVSS
9.5AI Score
0.015EPSS
The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().
9.8CVSS
9.5AI Score
0.015EPSS
The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().
9.8CVSS
9.5AI Score
0.015EPSS
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
9.8CVSS
9.4AI Score
0.012EPSS
The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
9.8CVSS
9.5AI Score
0.015EPSS
The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
9.8CVSS
9.5AI Score
0.015EPSS
The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
9.8CVSS
9.5AI Score
0.015EPSS
The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
9.8CVSS
9.5AI Score
0.015EPSS
The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
9.8CVSS
9.5AI Score
0.015EPSS
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
9.8CVSS
9.5AI Score
0.015EPSS
The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
9.8CVSS
9.5AI Score
0.015EPSS
The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
9.8CVSS
9.5AI Score
0.015EPSS
The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.
9.8CVSS
9.5AI Score
0.015EPSS
The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().
9.8CVSS
9.5AI Score
0.015EPSS
A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).
9.8CVSS
9.5AI Score
0.015EPSS
The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
9.8CVSS
9.5AI Score
0.015EPSS
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.
9.8CVSS
9.5AI Score
0.015EPSS
tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.
7.5CVSS
8.1AI Score
0.006EPSS
tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.
9.8CVSS
9.2AI Score
0.048EPSS
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
9.8CVSS
9.3AI Score
0.048EPSS
9.8CVSS
9.5AI Score
0.161EPSS
The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
9.8CVSS
9.3AI Score
0.006EPSS
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().
9.8CVSS
9.3AI Score
0.006EPSS
The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
9.8CVSS
9.3AI Score
0.006EPSS
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
9.8CVSS
9.3AI Score
0.015EPSS
The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
9.8CVSS
9.3AI Score
0.006EPSS
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
9.8CVSS
9.3AI Score
0.006EPSS