Vulnerability Details : CVE-2018-10105
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).
Vulnerability category: Input validation
Products affected by CVE-2018-10105
- cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-10105
1.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-10105
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-10105
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-10105
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
[SECURITY] Fedora 31 Update: tcpdump-4.9.3-1.fc31 - package-announce - Fedora Mailing-Lists
-
https://seclists.org/bugtraq/2019/Dec/23
Bugtraq: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
-
https://security.netapp.com/advisory/ntap-20200120-0001/
October 2019 Tcpdump Vulnerabilities in NetApp Products | NetApp Product Security
-
https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
[SECURITY] [DLA 1955-1] tcpdump security update
-
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
[security-announce] openSUSE-SU-2019:2348-1: important: Security update
-
http://seclists.org/fulldisclosure/2019/Dec/26
Full Disclosure: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
-
https://usn.ubuntu.com/4252-1/
USN-4252-1: tcpdump vulnerabilities | Ubuntu security notices
-
https://usn.ubuntu.com/4252-2/
USN-4252-2: tcpdump vulnerabilities | Ubuntu security notices
-
https://www.debian.org/security/2019/dsa-4547
Debian -- Security Information -- DSA-4547-1 tcpdump
-
https://support.apple.com/kb/HT210788
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support
-
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
[security-announce] openSUSE-SU-2019:2344-1: important: Security update
-
https://support.f5.com/csp/article/K44551633?utm_source=f5support&utm_medium=RSS
-
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
Release Notes;Third Party Advisory
-
https://seclists.org/bugtraq/2019/Oct/28
Bugtraq: [SECURITY] [DSA 4547-1] tcpdump security update
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
[SECURITY] Fedora 30 Update: tcpdump-4.9.3-1.fc30 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
[SECURITY] Fedora 29 Update: tcpdump-4.9.3-1.fc29 - package-announce - Fedora Mailing-Lists
Jump to