Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

tcpdump < 4.9.3 Multiple Vulnerabilities

Information

Severity

Severity

High

Family

Family

Buffer overflow

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

3 years ago

Modified

Modified

3 years ago

Summary

tcpdump is prone to multiple vulnerabilities.

Insight

Insight

There are buffer over-read vulnerabilities in the following modules: print-ldp.c:ldp_tlv_print(), print_icmp.c:icmp_print(), print_vrrp.c:vrrp_print(), print_lmp.c:lmp_print_data_link_subobjs(), print_rsvp.c:rsvp_obj_print(), print-rx.c:rx_cache_find(), print-rx.c:rx_cache_insert(), print-bgp.c:bgp_capabilities_print(), print-fr.c:mfr_print(), print-isakkmp.c:ikev1_n_print(), print_babel.c:babel_print_v2(), print-ospf6.c:ospf6_print_lshdr(), print-icmp6.c, print-802_11.c, print-hncp.c:print_prefix(), print-dccp.c:dccp_print_option(), print_bgp.c:bgp_attr_print(), print-smb.c:print_trans() There is a buffer overflow vulnerability in tcpdump.c:get_next_file(). There is a stack consumption vulnerability in print-bgp.c:bgp_attr_print(). There is a stack exhaustion vulnerability in smbutil.c:smb_fdata(). print_lmp.c:lmp_print_data_link_subobjs() lacks bounds checks.

Affected Software

Affected Software

tcpdump through version 4.9.2.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 4.9.3.