CVE-2017-13687
Description
A buffer over-read in tcpdump's Cisco HDLC parser before 4.9.2 allows an attacker to cause information disclosure or denial of service via a crafted CHDLC packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer over-read in tcpdump's Cisco HDLC parser before 4.9.2 allows an attacker to cause information disclosure or denial of service via a crafted CHDLC packet.
Vulnerability
A buffer over-read vulnerability exists in the Cisco HDLC (CHDLC) parser in tcpdump versions before 4.9.2. The flaw resides in the chdlc_print() function in print-chdlc.c. The function does not properly validate the length of the input before parsing protocol fields, leading to a buffer over-read when processing malformed packets [4]. Affected versions include all tcpdump releases prior to 4.9.2.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious CHDLC packet and causing it to be processed by a victim running a vulnerable version of tcpdump. The attacker does not need authentication or special privileges; simply sending the packet over a network being monitored by the victim can trigger the over-read.
Impact
Successful exploitation results in a buffer over-read, which may lead to information disclosure (reading of sensitive memory contents) or denial of service (crash of tcpdump). The impact is limited to the tcpdump process and does not grant code execution directly.
Mitigation
The vulnerability is fixed in tcpdump version 4.9.2 [2]. Red Hat has released updated packages (tcpdump-4.9.2-3.el7) [2]. Apple has included the fix in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan [1]. Users should upgrade to the fixed version or apply the appropriate vendor patches. There is no known workaround.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11- osv-coords10 versionspkg:rpm/opensuse/tcpdump&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 4.99.1-1.2+ 9 more
- (no CPE)range: < 4.99.1-1.2
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 3.9.8-1.30.13.1
- (no CPE)range: < 3.9.8-1.30.13.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- github.com/the-tcpdump-group/tcpdump/commit/a1eefe986065846b6c69dbc09afd9fa1a02c4a3dnvdIssue TrackingPatchThird Party Advisory
- www.debian.org/security/2017/dsa-3971nvdThird Party Advisory
- www.securitytracker.com/id/1039307nvdThird Party AdvisoryVDB Entry
- www.tcpdump.org/tcpdump-changes.txtnvdVendor Advisory
- access.redhat.com/errata/RHEA-2018:0705nvdThird Party Advisory
- github.com/the-tcpdump-group/tcpdump/commit/866c60236c41cea1e1654c8a071897292f64be49nvdIssue TrackingThird Party Advisory
- security.gentoo.org/glsa/201709-23nvdThird Party Advisory
- support.apple.com/HT208221nvdThird Party Advisory
News mentions
0No linked articles in our index yet.