Description
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
Exploits (1)
References (9)
Core 9
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35359
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2433-1
Exploit, Third Party Advisory, VDB Entry mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Nov/48
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71155
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98766
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534010/100/0/threaded
Scores
EPSS
0.2831
EPSS Percentile
96.5%
Details
CWE
CWE-191
Status
published
Products (13)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
opensuse/opensuse
13.1
opensuse/opensuse
13.2
oracle/solaris
11.2
redhat/tcpdump
4.5.0
redhat/tcpdump
4.5.1
redhat/tcpdump
4.5.2
... and 3 more
Published
Nov 20, 2014
Tracked Since
Feb 18, 2026