Описание
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
An out-of-bounds read vulnerability was discovered in tcpdump while printing SOME/IP packets captured in a pcap file or coming from the network. This flaw allows a remote attacker to send specially crafted packets that, when printed, can trigger the flaw and crash the application. The highest threat from this vulnerability is to system availability.
Отчет
This issue did not affect the versions of tcpdump as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8, as they did not include support for the SOME/IP dissector.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tcpdump | Not affected | ||
| Red Hat Enterprise Linux 6 | tcpdump | Not affected | ||
| Red Hat Enterprise Linux 7 | tcpdump | Not affected | ||
| Red Hat Enterprise Linux 8 | tcpdump | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
EPSS
7.5 High
CVSS3