RSS   Vulnerabilities for 'Tcpdump'   RSS

2020-11-04
 
CVE-2020-8037

CWE-770
 
 
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

 
 
CVE-2020-8036

NVD-CWE-noinfo
 
 
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.

 
2020-03-16
 
CVE-2018-19325

CWE-125
 
 
tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based buffer over-read in the EXTRACT_32BITS function (extract.h, called from the rx_cache_find function, print-rx.c) due to improper serviceId sanitization.

 
2019-10-03
 
CVE-2019-15166

CWE-20
 
 
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

 
 
CVE-2018-16452

CWE-674
 
 
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.

 
 
CVE-2018-16451

CWE-125
 
 
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

 
 
CVE-2018-16301

CWE-120
 
 
libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.

 
 
CVE-2018-16300

CWE-674
 
 
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.

 
 
CVE-2018-16230

CWE-125
 
 
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

 
 
CVE-2018-16229

CWE-125
 
 
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

 

Copyright 2024, cxsecurity.com

 

Back to Top