CVE-2018-14468

Опубликовано: 02 окт. 2019

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

An out-of-bounds read vulnerability was discovered in tcpdump while printing FRF.16 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	tcpdump	Out of support scope
Red Hat Enterprise Linux 6	tcpdump	Out of support scope
Red Hat Enterprise Linux 7	tcpdump	Fix deferred
Red Hat Enterprise Linux 8	tcpdump	Fixed	RHSA-2020:4760	04.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1760464tcpdump: Buffer over-read in mfr_print() function in print-fr.c

EPSS

Процентиль: 71%

0.00678

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2018-14468

CVSS3: 7.5

ubuntu

около 6 лет назад

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

CVE-2018-14468

CVSS3: 7.5

nvd

около 6 лет назад

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

CVE-2018-14468

CVSS3: 7.5

debian

около 6 лет назад

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...

GHSA-75jx-pcxc-2v2f

CVSS3: 7.5

github

больше 3 лет назад

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

ELSA-2020-5662

oracle-oval

больше 5 лет назад

ELSA-2020-5662: tcpdump security update (IMPORTANT)

EPSS

Процентиль: 71%

0.00678

Низкий

7.5 High

CVSS3