Denis Ovsienko - Security Researcher - Exploit Intelligence Platform

CVE-2018-14879 WRITEUP HIGH WRITEUP

tcpdump <4.9.3 - Buffer Overflow

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

CVSS 7.0

View Code

CVE-2018-16227 WRITEUP HIGH WRITEUP

tcpdump < 4.9.3 - Out-of-bounds Read in IEEE 802.11 Mesh Flags Parser

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

CVSS 7.5

View Code

CVE-2015-3138 WRITEUP HIGH WRITEUP

tcpdump < 4.7.4 - Denial of Service in print-wb.c

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

CVSS 7.5

View Code

CVE-2017-13042 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in HNCP Parser

The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().

CVSS 9.8

View Code

CVE-2017-13043 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in BGP Parser

The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().

CVSS 9.8

View Code

CVE-2017-13044 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in HNCP Parser

The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().

CVSS 9.8

View Code

CVE-2017-13045 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in VQP Parser

The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().

CVSS 9.8

View Code

CVE-2017-13046 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in BGP Parser

The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().

CVSS 9.8

View Code

CVE-2017-13047 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in ISO ES-IS Parser

The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().

CVSS 9.8

View Code

CVE-2017-13048 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in RSVP Parser

The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

CVSS 9.8

View Code

CVE-2017-13049 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in Rx Protocol Parser

The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().

CVSS 9.8

View Code

CVE-2017-13050 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in RPKI-Router Parser

The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().

CVSS 9.8

View Code

CVE-2017-13051 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in RSVP Parser

The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

CVSS 9.8

View Code

CVE-2017-13052 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in CFM Parser

The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().

CVSS 9.8

View Code

CVE-2017-13053 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in BGP Parser

The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().

CVSS 9.8

View Code

CVE-2017-13054 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in LLDP Parser

The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().

CVSS 9.8

View Code

CVE-2017-13055 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in ISO IS-IS Parser

The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().

CVSS 9.8

View Code

CVE-2017-13687 WRITEUP CRITICAL WRITEUP

tcpdump < 4.9.2 - Out-of-bounds Read in Cisco HDLC Parser

The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().

CVSS 9.8

View Code

CVE-2018-14466 WRITEUP HIGH WRITEUP

tcpdump < 4.9.3 - Out-of-bounds Read in Rx Parser

The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().

CVSS 7.5

View Code

CVE-2018-14468 WRITEUP HIGH WRITEUP

tcpdump < 4.9.3 - Out-of-bounds Read in FRF.16 Parser

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

CVSS 7.5

View Code

CVE-2018-14470 WRITEUP HIGH WRITEUP

tcpdump < 4.9.3 - Out-of-bounds Read in Babel Parser

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

CVSS 7.5

View Code

CVE-2018-16228 WRITEUP HIGH WRITEUP

tcpdump < 4.9.3 - Out-of-bounds Read in HNCP Parser

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

CVSS 7.5

View Code

CVE-2018-16230 WRITEUP HIGH WRITEUP

tcpdump < 4.9.3 - Out-of-bounds Read in BGP MP_REACH_NLRI Parser

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

CVSS 7.5

View Code

CVE-2018-16300 WRITEUP HIGH WRITEUP

tcpdump < 4.9.3 - Denial of Service via BGP Parser Uncontrolled Recursion

The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.

CVSS 7.5

View Code

CVE-2018-16301 WRITEUP HIGH WRITEUP

tcpdump < 4.99.0 - Buffer Overflow via -F Command-Line Argument

The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.

CVSS 7.8

View Code