exploitDog

CVE-2019-1010220

Published: 01 Aug 2019
Source: redhat
CVSS3: 5.4
EPSS: Low

Description

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.

Report

This flaw was found to be a duplicate of CVE-2018-19519. Please see https://access.redhat.com/security/cve/CVE-2018-19519 for information about affected products and security errata.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tcpdump | Not affected | | |
| Red Hat Enterprise Linux 6 | tcpdump | Not affected | | |
| Red Hat Enterprise Linux 7 | tcpdump | Not affected | | |
| Red Hat Enterprise Linux 8 | tcpdump | Not affected | | |

Additional information

Weakness: CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1735549
tcpdump: buffer over-read in function print_prefix in print-hncp.c

EPSS

Percentile: 52%
0.00293
Low

CVSS3

5.4 Medium

Related vulnerabilities

CVSS3: 3.3
ubuntu
more than 6 years ago

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.

CVSS3: 3.3
nvd
more than 6 years ago

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.

CVSS3: 3.3
debian
more than 6 years ago

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. T ...

CVSS3: 3.3
github
more than 3 years ago

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.

CVSS3: 3.3
fstec
more than 6 years ago

Vulnerability in tcpdump, a utility for capturing and analyzing network traffic, caused by a buffer overflow, allowing an attacker to disclose protected information
