exploitDog

CVE-2017-13011

Published: 13 Sep 2017
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().

A vulnerability was found in tcpdump's verbose printing of packet data. A crafted pcap file or specially crafted network traffic could cause tcpdump to write out of bounds in the BSS segment, potentially causing tcpdump to display truncated or incorrectly decoded fields or crash with a segmentation violation. This does not affect tcpdump when used with the -w option to save a pcap file.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tcpdump | Will not fix | | |
| Red Hat Enterprise Linux 6 | tcpdump | Will not fix | | |
| Red Hat Enterprise Linux 7 | tcpdump | Fixed | RHEA-2018:0705 | 10.04.2018 |

Additional information

Status: Moderate
Defect: CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1490578 tcpdump: Buffer overflow in util-print.c:bittok2str_internal()

EPSS

Percentile: 81%
0.01488
Low

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 8 years ago

Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().

CVSS3: 9.8
nvd
more than 8 years ago

Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().

CVSS3: 9.8
debian
more than 8 years ago

Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...

CVSS3: 9.8
github
more than 3 years ago

Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().

suse-cvrf
more than 8 years ago

Security update for tcpdump
