Tcpdump Security Vulnerabilities
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
7.5CVSS
8.6AI Score
0.004EPSS
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
7.5CVSS
8.6AI Score
0.004EPSS
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
7.5CVSS
8.6AI Score
0.004EPSS
The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
7.5CVSS
8.6AI Score
0.004EPSS
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
7CVSS
8.4AI Score
0.003EPSS
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
7.5CVSS
8.6AI Score
0.004EPSS
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
7.5CVSS
8.6AI Score
0.004EPSS
7.5CVSS
8.6AI Score
0.004EPSS
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
7.5CVSS
8.6AI Score
0.004EPSS
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
7.5CVSS
8.6AI Score
0.004EPSS
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
7.5CVSS
8.6AI Score
0.004EPSS
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
7.5CVSS
8.6AI Score
0.004EPSS
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
7.5CVSS
8.5AI Score
0.01EPSS
The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.
7.8CVSS
7.8AI Score
0.001EPSS
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
7.5CVSS
8.7AI Score
0.004EPSS
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
7.5CVSS
8.5AI Score
0.01EPSS
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
5.5CVSS
5.7AI Score
0.002EPSS
tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must ope...
3.3CVSS
6.1AI Score
0.002EPSS
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.
5.3CVSS
6AI Score
0.032EPSS
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
5.3CVSS
6.2AI Score
0.032EPSS
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
7.5CVSS
7.1AI Score
0.039EPSS
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
5.3CVSS
6AI Score
0.032EPSS
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
5.3CVSS
6.2AI Score
0.008EPSS
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
7.5CVSS
8.5AI Score
0.008EPSS
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.
9.1CVSS
8.7AI Score
0.004EPSS
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
7.5CVSS
7.5AI Score
0.001EPSS
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
7.5CVSS
7.3AI Score
0.006EPSS
5.5CVSS
5.7AI Score
0.001EPSS
The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.
6.5CVSS
6.4AI Score
0.003EPSS
In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This ...
4.4CVSS
4.4AI Score
0.006EPSS
Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with ...
4.4CVSS
4.8AI Score
0.0004EPSS