CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Tcpdump : Security Vulnerabilities Published In 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010220 125 2019-07-22 2019-08-20
4.3
None Remote Medium Not required Partial None None
tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.
2 CVE-2019-15166 20 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
3 CVE-2019-15165 20 2019-10-03 2019-10-08
5.0
None Remote Low Not required None Partial None
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
4 CVE-2019-15164 918 2019-10-03 2019-10-10
5.0
None Remote Low Not required None Partial None
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
5 CVE-2019-15163 476 DoS 2019-10-03 2019-10-08
5.0
None Remote Low Not required None None Partial
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
6 CVE-2019-15162 345 2019-10-03 2019-10-10
5.0
None Remote Low Not required Partial None None
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
7 CVE-2019-15161 20 2019-10-03 2019-10-08
5.0
None Remote Low Not required None Partial None
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.
8 CVE-2018-16452 674 2019-10-03 2019-10-11
5.0
None Remote Low Not required None None Partial
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
9 CVE-2018-16451 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
10 CVE-2018-16301 120 Overflow 2019-10-03 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.
11 CVE-2018-16300 674 2019-10-03 2019-10-11
5.0
None Remote Low Not required None None Partial
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
12 CVE-2018-16230 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
13 CVE-2018-16229 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
14 CVE-2018-16228 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
15 CVE-2018-16227 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
16 CVE-2018-14882 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
17 CVE-2018-14881 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
18 CVE-2018-14880 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
19 CVE-2018-14879 120 Overflow 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
20 CVE-2018-14470 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
21 CVE-2018-14469 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
22 CVE-2018-14468 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
23 CVE-2018-14467 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
24 CVE-2018-14466 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
25 CVE-2018-14465 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
26 CVE-2018-14464 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
27 CVE-2018-14463 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().
28 CVE-2018-14462 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
29 CVE-2018-14461 125 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
30 CVE-2018-10105 20 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).
31 CVE-2018-10103 20 2019-10-03 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
Total number of vulnerabilities : 31   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.