CVE-2017-13690
Description
A buffer over-read in tcpdump's IKEv2 parser allows a remote attacker to crash the process or leak memory before version 4.9.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer over-read in tcpdump's IKEv2 parser allows a remote attacker to crash the process or leak memory before version 4.9.2.
Vulnerability
The IKEv2 parser in tcpdump before version 4.9.2 contains a buffer over-read in several functions within print-isakmp.c. The issue occurs when processing crafted IKEv2 packets, specifically in the handling of payload lengths during printing. The vulnerability is reachable when tcpdump parses network traffic and has been assigned CVE-2017-13690 [3] [4].
Exploitation
An attacker can exploit this vulnerability by sending a malformed IKEv2 packet to a target system running an affected version of tcpdump. No authentication is required; the attacker only needs network access to the machine using tcpdump to capture traffic. When tcpdump processes the malicious packet, the insufficient bounds checking causes a buffer over-read [3].
Impact
Successful exploitation could lead to a denial of service via application crash or potentially allow arbitrary code execution with the privileges of the tcpdump process [4]. Additionally, the over-read may leak sensitive memory contents, depending on the specific exploitation scenario.
Mitigation
The vulnerability is fixed in tcpdump version 4.9.2; users should upgrade to this release or later [2] [3] [4]. Gentoo users can upgrade via emerge [4]. Apple addressed the issue in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan [1]. No known workaround is available [4].
- About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support
- RHEA-2018:0705 - Product Enhancement Advisory
- CVE-2017-13690/IKEv2: Fix some bounds checks. · the-tcpdump-group/tcpdump@8dca25d
- Multiple vulnerabilities (GLSA 201709-23) — Gentoo security
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
9- osv-coords8 versionspkg:rpm/opensuse/tcpdump&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 4.99.1-1.2+ 7 more
- (no CPE)range: < 4.99.1-1.2
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/the-tcpdump-group/tcpdump/commit/8dca25d26c7ca2caf6138267f6f17111212c156envdIssue TrackingPatchThird Party Advisory
- www.securitytracker.com/id/1039307nvdThird Party AdvisoryVDB Entry
- www.tcpdump.org/tcpdump-changes.txtnvdVendor Advisory
- www.debian.org/security/2017/dsa-3971nvd
- access.redhat.com/errata/RHEA-2018:0705nvd
- security.gentoo.org/glsa/201709-23nvd
- support.apple.com/HT208221nvd
News mentions
0No linked articles in our index yet.