Guy Harris

75 exploits, active since Feb 2014
CVE-2017-13029 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().
CVSS 9.8
CVE-2017-13030 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.
CVSS 9.8
CVE-2017-13031 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().
CVSS 9.8
CVE-2017-13032 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().
CVSS 9.8
CVE-2017-13033 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().
CVSS 9.8
CVE-2017-13034 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().
CVSS 9.8
CVE-2017-13035 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().
CVSS 9.8
CVE-2017-13037 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().
CVSS 9.8
CVE-2017-13038 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
CVSS 9.8
CVE-2017-13039 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
CVSS 9.8
CVE-2017-13040 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
CVSS 9.8
CVE-2017-13041 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
CVSS 9.8
CVE-2017-13688 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
CVSS 9.8
CVE-2017-13689 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
CVSS 9.8
CVE-2017-13690 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
CVSS 9.8
CVE-2017-13725 WRITEUP CRITICAL
Tcpdump < 4.9.1 - Out-of-Bounds Read
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
CVSS 9.8
CVE-2019-15162 WRITEUP MEDIUM
Tcpdump Libpcap < 1.9.1 - Data Authenticity Bypass
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
CVSS 5.3
CVE-2019-15163 WRITEUP HIGH
Tcpdump Libpcap < 1.9.1 - NULL Pointer Dereference
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
CVSS 7.5
CVE-2019-15164 WRITEUP MEDIUM
Tcpdump Libpcap < 1.9.1 - SSRF
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
CVSS 5.3
CVE-2020-8037 WRITEUP HIGH
tcpdump 4.9.3 - Memory Corruption
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVSS 7.5
CVE-2023-1801 WRITEUP MEDIUM
tcpdump <4.99.3 - Buffer Overflow
The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.
CVSS 6.5
CVE-2023-7256 WRITEUP MEDIUM
Tcpdump Libpcap < 1.10.5 - Double Free
In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
CVSS 4.4
CVE-2024-2397 WRITEUP MEDIUM
tcpdump - Buffer Overflow
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.
CVSS 6.2
CVE-2024-24479 WRITEUP HIGH
Wireshark <4.2.0 - Buffer Overflow
A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
CVSS 7.5
CVE-2025-11964 WRITEUP LOW
libpcap - Buffer Overflow
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.
CVSS 1.9