CVE-2019-15167

Опубликовано: 18 авг. 2019

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.

A buffer over-read flaw was found in the vrrp_print() function in the print-vrrp.c file in the VRRP parser in tcpdump, in VRRP version 3. This is a different vulnerability than CVE-2018-14463.

Отчет

tcpdump as shipped with Red Hat Enterprise Linux 8 and 9 is not affected by this issue.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	tcpdump	Out of support scope
Red Hat Enterprise Linux 7	tcpdump	Out of support scope
Red Hat Enterprise Linux 8	tcpdump	Not affected
Red Hat Enterprise Linux 9	tcpdump	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-126

https://bugzilla.redhat.com/show_bug.cgi?id=2241763tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c

EPSS

Процентиль: 30%

0.00113

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-15167

CVSS3: 9.1

ubuntu

больше 3 лет назад

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.

CVE-2019-15167

CVSS3: 9.1

nvd

больше 3 лет назад

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.

CVE-2019-15167

CVSS3: 9.1

debian

больше 3 лет назад

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...

GHSA-x3gm-3hr2-8g66

CVSS3: 9.1

github

больше 3 лет назад

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.

openSUSE-SU-2019:2348-1

suse-cvrf

больше 6 лет назад

Security update for tcpdump

EPSS

Процентиль: 30%

0.00113

Низкий

7.5 High

CVSS3