Guy Harris

93 exploits, active since Feb 2014
CVE-2017-13037 WRITEUP CRITICAL
tcpdump < 4.9.2 - Out-of-bounds Read in IP Parser
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().
CVSS 9.8
CVE-2017-13038 WRITEUP CRITICAL
tcpdump < 4.9.2 - Out-of-bounds Read in PPP Parser
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
CVSS 9.8
CVE-2017-13039 WRITEUP CRITICAL
tcpdump < 4.9.1 - Out-of-bounds Read in ISAKMP Parser
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
CVSS 9.8
CVE-2017-13040 WRITEUP CRITICAL
tcpdump < 4.9.2 - Out-of-bounds Read in MPTCP Parser
The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
CVSS 9.8
CVE-2017-13041 WRITEUP CRITICAL
tcpdump < 4.9.2 - Out-of-bounds Read in ICMPv6 Parser
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
CVSS 9.8
CVE-2017-13688 WRITEUP CRITICAL
tcpdump < 4.9.2 - Out-of-bounds Read in OLSR Parser
The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
CVSS 9.8
CVE-2017-13689 WRITEUP CRITICAL
tcpdump < 4.9.2 - Out-of-bounds Read in IKEv1 Parser
The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
CVSS 9.8
CVE-2017-13690 WRITEUP CRITICAL
tcpdump < 4.9.2 - Out-of-bounds Read in IKEv2 Parser
The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
CVSS 9.8
CVE-2017-13725 WRITEUP CRITICAL
tcpdump < 4.9.2 - Out-of-bounds Read in IPv6 Routing Header Parser
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
CVSS 9.8
CVE-2019-15162 WRITEUP MEDIUM
libpcap < 1.9.1 - Information Disclosure via Authentication Error Messages
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
CVSS 5.3
CVE-2019-15163 WRITEUP HIGH
libpcap < 1.9.1 - Denial of Service via NULL Pointer Dereference in rpcapd
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
CVSS 7.5
CVE-2019-15164 WRITEUP MEDIUM
libpcap < 1.9.1 - Server-Side Request Forgery via rpcapd URL Parameter
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
CVSS 5.3
CVE-2020-8037 WRITEUP HIGH
tcpdump 4.9.3 - Denial of Service via PPP Decapsulator Memory Allocation
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVSS 7.5
CVE-2023-1801 WRITEUP MEDIUM
tcpdump 4.99.3 - Out-of-bounds Write in SMB Protocol Decoder
The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.
CVSS 6.5
CVE-2023-7256 WRITEUP MEDIUM
libpcap < 1.10.5 - Double Free in Remote Packet Capture Address Initialization
In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
CVSS 4.4
CVE-2024-2397 WRITEUP MEDIUM
tcpdump >=0d4083e <b9811ef - Denial of Service via Crafted DLT_PPP_SERIAL .pcap File
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.
CVSS 6.2
CVE-2024-24479 WRITEUP HIGH
Wireshark < 4.2.0 - Denial of Service via wsutil/to_str.c Fractional Part Formatting
A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
CVSS 7.5
CVE-2025-11964 WRITEUP LOW
libpcap 1.10.0-1.10.5 - Out-of-bounds Write in utf_16le_to_utf_8_truncated
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.
CVSS 1.9