CVE-2005-1267

tcpdump 3.x - DoS

Title source: llm

Description

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by simon · cdosmultiple

https://www.exploit-db.com/exploits/1037

View Code ZIP pw:eip

References (10)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13906

[Third Party Advisory] http://secunia.com/advisories/17118

[Patch, Vendor Advisory] http://www.trustix.org/errata/2005/0028/

[Patch, Vendor Advisory] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208

[Patch, Vendor Advisory] http://secunia.com/advisories/15634/

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-505.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11148

[Patch, Vendor Advisory] http://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/430292/100/0/threaded

[Third Party Advisory] http://www.debian.org/security/2005/dsa-854

Scores

EPSS 0.1127

EPSS Percentile 93.5%

Details

Status published

Products (23)

gentoo/linux

lbl/tcpdump 3.4

lbl/tcpdump 3.4a6

lbl/tcpdump 3.5

lbl/tcpdump 3.5.2

lbl/tcpdump 3.5_alpha

lbl/tcpdump 3.6.2

lbl/tcpdump 3.6.3

lbl/tcpdump 3.7

lbl/tcpdump 3.7.1

... and 13 more

Published Jun 10, 2005

Tracked Since Feb 18, 2026