First published: Mon Jul 22 2019
tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.
Credit: josh@bress.net
Affected Software | Affected Version | How to fix |
---|---|---|
Tcpdump Tcpdump | =4.9.2 | |
ubuntu/tcpdump | <4.9.3-0ubuntu0.18.04.1 | 4.9.3-0ubuntu0.18.04.1 |
ubuntu/tcpdump | <4.9.3-0ubuntu0.14.04.1+ | 4.9.3-0ubuntu0.14.04.1+ |
ubuntu/tcpdump | <4.9.3 | 4.9.3 |
ubuntu/tcpdump | <4.9.3-0ubuntu0.16.04.1 | 4.9.3-0ubuntu0.16.04.1 |
debian/tcpdump | <=4.9.3-1~deb10u2, <=4.9.3-1~deb10u1, <=4.99.0-2+deb11u1, <=4.99.3-1, <=4.99.4-4 | |
The vulnerability ID is CVE-2019-1010220.
The impact is the potential exposure of Saved Frame Pointer, Return Address, etc. on the stack.
The component affected is line 234: "ND_PRINT((ndo, "%s", buf));", in the function named "print_prefix", in "print-hncp.c".
The attack vector requires the victim to open a maliciously crafted packet capture file or be on a network where malicious packets are being captured.
To fix the vulnerability, update tcpdump to version 4.9.3 or later.
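The pattern flagged above, a `"%s"` print of a stack buffer, is shown here as an added example; it is not tcpdump source. The advisory does not say why `buf` lacks a terminator, so this sketch assumes a helper that fails without writing the buffer. `decode_field`, `print_unchecked` and `print_checked` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical decoder (not tcpdump code): writes "len=<n>" into buf and
 * returns bytes consumed, or -1 WITHOUT touching buf when input is short. */
static int decode_field(const unsigned char *src, size_t srclen,
                        char *buf, size_t bufsz)
{
    if (srclen < 1 || (size_t)src[0] + 1 > srclen)
        return -1;                      /* truncated record: buf untouched */
    snprintf(buf, bufsz, "len=%u", (unsigned)src[0]);
    return (int)src[0] + 1;
}

/* Vulnerable shape: the result is ignored, so on failure "%s" walks
 * uninitialized stack bytes until it happens to meet a NUL (CWE-126). */
int print_unchecked(const unsigned char *src, size_t srclen,
                    char *out, size_t outsz)
{
    char buf[16];
    int n = decode_field(src, srclen, buf, sizeof(buf));
    snprintf(out, outsz, "%s", buf);    /* unbounded read of buf */
    return n;
}

/* Hardened shape: bail out on error, and bound the read to the buffer. */
int print_checked(const unsigned char *src, size_t srclen,
                  char *out, size_t outsz)
{
    char buf[16] = "";                  /* defined contents from the start */
    int n = decode_field(src, srclen, buf, sizeof(buf));
    if (n < 0)
        return n;                       /* never print an unwritten buffer */
    const char *nul = memchr(buf, '\0', sizeof(buf));
    int len = nul ? (int)(nul - buf) : (int)sizeof(buf);
    snprintf(out, outsz, "%.*s", len, buf);
    return n;
}

int main(void)
{
    /* Constructed inputs: a complete record and a truncated one. */
    const unsigned char ok[] = { 2, 0xaa, 0xbb };
    const unsigned char cut[] = { 9, 0xaa };
    char out[32] = "";
    printf("%d %s\n", print_checked(ok, sizeof(ok), out, sizeof(out)), out);
    printf("%d\n", print_checked(cut, sizeof(cut), out, sizeof(out)));
    return 0;
}
```

Compiling with AddressSanitizer or MemorySanitizer and replaying untrusted captures through the parser is a practical way to surface this class of read in testing.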