CVE-2007-3798

CRITICAL

tcpdump <3.9.6 - RCE

Title source: llm

Description

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mu-b · cremotelinux

https://www.exploit-db.com/exploits/30319

View Code ZIP pw:eip

References (35)

[Third Party Advisory] http://bugs.gentoo.org/show_bug.cgi?id=184815

[Broken Link] http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12

[Broken Link] http://docs.info.apple.com/article.html?artnum=307179

[Mailing List] http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

[Broken Link, Vendor Advisory] http://secunia.com/advisories/26135

[Broken Link, Vendor Advisory] http://secunia.com/advisories/26168

[Broken Link, Vendor Advisory] http://secunia.com/advisories/26223

[Broken Link, Vendor Advisory] http://secunia.com/advisories/26231

[Broken Link, Vendor Advisory] http://secunia.com/advisories/26263

[Broken Link, Vendor Advisory] http://secunia.com/advisories/26266

[Broken Link, Vendor Advisory] http://secunia.com/advisories/26286

[Broken Link, Vendor Advisory] http://secunia.com/advisories/26395

[Broken Link, Vendor Advisory] http://secunia.com/advisories/26404

[Broken Link, Vendor Advisory] http://secunia.com/advisories/26521

[Broken Link, Vendor Advisory] http://secunia.com/advisories/27580

[Broken Link, Vendor Advisory] http://secunia.com/advisories/28136

[Third Party Advisory] http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200707-14.xml

[Mailing List, Patch] http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313

[Third Party Advisory] http://www.debian.org/security/2007/dsa-1353

... and 15 more

Scores

CVSS v3 9.8

EPSS 0.7269

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-252

Status draft

Affected Products (48)

freebsd/freebsd

tcpdump/tcpdump < 3.9.6

canonical/ubuntu_linux

debian/debian_linux

slackware/slackware

... and 33 more

Timeline

Published Jul 16, 2007

Tracked Since Feb 18, 2026