CVE-2017-16808

First published: Mon Nov 13 2017(Updated: )

tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.

Credit: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 CVE-2019-15167 cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Tcpdump Tcpdump	=4.9.2
Apple macOS Catalina	<10.15.2	10.15.2
Apple Mojave
Apple High Sierra
ubuntu/tcpdump	<4.9.3-0ubuntu0.18.04.1	4.9.3-0ubuntu0.18.04.1
ubuntu/tcpdump	<4.9.3-0ubuntu0.14.04.1+	4.9.3-0ubuntu0.14.04.1+
ubuntu/tcpdump	<4.9.3-0ubuntu0.16.04.1	4.9.3-0ubuntu0.16.04.1
debian/tcpdump		4.9.3-1~deb10u2 4.9.3-1~deb10u1 4.99.0-2+deb11u1 4.99.3-1 4.99.4-4

Remedy

https://github.com/the-tcpdump-group/tcpdump/commit/46aead6c5265e8ae376d2cf274fb2b5195cd6b57

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/nvd-index
agent/type
agent/first-publish-date
agent/last-modified-date
collector/launchpad-cve
source/Launchpad
agent/softwarecombine
collector/apple-support
alias/CVE-2018-10103
alias/CVE-2018-10105
alias/CVE-2018-14461
alias/CVE-2018-14462
alias/CVE-2018-14463
alias/CVE-2018-14464
alias/CVE-2018-14465
alias/CVE-2018-14466
alias/CVE-2018-14467
alias/CVE-2018-14468
alias/CVE-2018-14469
alias/CVE-2018-14470
alias/CVE-2018-14879
alias/CVE-2018-14880
alias/CVE-2018-14881
alias/CVE-2018-14882
alias/CVE-2018-16227
alias/CVE-2018-16228
alias/CVE-2018-16229
alias/CVE-2018-16230
alias/CVE-2018-16300
alias/CVE-2018-16301
alias/CVE-2018-16451
alias/CVE-2018-16452
alias/CVE-2019-15166
alias/CVE-2019-15167
agent/software-canonical-lookup-request
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/event
agent/tags
agent/description
agent/author
agent/references
agent/severity
agent/weakness
agent/remedy
collector/usn-cve
source/Ubuntu
vendor/tcpdump
canonical/tcpdump tcpdump
version/tcpdump tcpdump/4.9.2
vendor/apple
canonical/apple macos catalina
canonical/apple mojave
canonical/apple high sierra
package-manager/debian
package-manager/ubuntu

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.