CVE-2015-2155
Description
A vulnerability in the force printer of tcpdump before 4.7.2 allows remote attackers to cause a crash or potentially execute arbitrary code via specially crafted packets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A vulnerability in the force printer of tcpdump before 4.7.2 allows remote attackers to cause a crash or potentially execute arbitrary code via specially crafted packets.
Vulnerability
CVE-2015-2155 is a vulnerability in the force printer of tcpdump before version 4.7.2. The issue involves unspecified vectors that can be triggered when tcpdump processes specially crafted network packets, most likely related to a flaw in how the printer handles certain protocol data. This affects all versions of tcpdump prior to 4.7.2 [2][3].
Exploitation
An attacker can exploit this by sending specially crafted packets onto a network segment where tcpdump is running in live capture mode (or by providing a malicious pcap file). No authentication is required beyond network access; the user simply needs to run tcpdump and allow it to process the attacker's traffic. In default Ubuntu installations, the tcpdump AppArmor profile provides some isolation but does not prevent the crash [3].
Impact
Successful exploitation results in a denial of service (crash) and may allow arbitrary code execution in the context of the tcpdump process. The CVSS base score from Red Hat is 5.5 (Medium), indicating moderate severity. An attacker could potentially compromise the system if the process runs with elevated privileges [1][2][3].
Mitigation
The fix was released in tcpdump version 4.7.2. Red Hat Enterprise Linux 7 updated to tcpdump 4.9.0 in RHSA-2017:1871 [1]. Ubuntu published USN-2580-1 on 27 April 2015, updating to version 4.7.2 [3]. Fedora also provided updated packages in March 2015 [4]. Users should upgrade their tcpdump to the latest version available for their distribution.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
30cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
- osv-coords22 versionspkg:rpm/opensuse/tcpdump&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1pkg:rpm/suse/libpcap&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
< 4.7.4-3.4+ 21 more
- (no CPE)range: < 4.7.4-3.4
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 1.8.1-9.1
- (no CPE)range: < 4.5.1-7.1
- (no CPE)range: < 4.9.0-13.1
- (no CPE)range: < 4.9.0-13.1
- (no CPE)range: < 4.5.1-7.1
- (no CPE)range: < 4.9.0-13.1
- (no CPE)range: < 4.9.0-13.1
- (no CPE)range: < 4.9.0-13.1
- (no CPE)range: < 4.5.1-7.1
- (no CPE)range: < 4.9.0-13.1
- (no CPE)range: < 4.9.0-13.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.htmlnvdPatchThird Party AdvisoryVDB Entry
- advisories.mageia.org/MGASA-2015-0114.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2015-03/msg00084.htmlnvdThird Party Advisory
- www.debian.org/security/2015/dsa-3193nvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlnvdThird Party Advisory
- www.securitytracker.com/id/1031937nvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.securityfocus.com/archive/1/534829/100/0/threadednvd
- www.securityfocus.com/bid/73021nvd
- www.ubuntu.com/usn/USN-2580-1nvd
- access.redhat.com/errata/RHSA-2017:1871nvd
- security.gentoo.org/glsa/201510-04nvd
News mentions
0No linked articles in our index yet.