Описание
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
Ссылки
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:lbl:tcpdump:3.4:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.5:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.21385
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 21 года назад
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote at ...
github
больше 3 лет назад
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
EPSS
Процентиль: 95%
0.21385
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other