First published: Thu Oct 03 2019(Updated: )
Last updated 24 July 2024
Credit: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 CVE-2019-15167 cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tcpdump Tcpdump | <4.9.3 | |
Apple macOS Catalina | <10.15.2 | 10.15.2 |
Apple Mojave | ||
Apple High Sierra | ||
debian/tcpdump | 4.99.0-2+deb11u1 4.99.3-1 4.99.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2018-16300 is a vulnerability in tcpdump that allows stack consumption due to unlimited recursion in the BGP parser.
To fix CVE-2018-16300, update tcpdump to version 4.9.3 or higher.
The affected versions of tcpdump include 4.9.3-1~deb10u2, 4.9.3-1~deb10u1, 4.99.0-2+deb11u1, 4.99.3-1, and 4.99.4-3.
The operating systems affected by CVE-2018-16300 include Debian, Ubuntu, Apple macOS Catalina, Apple Mojave, and Apple High Sierra.
You can find more information about CVE-2018-16300 in the references provided: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a, https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES, https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html