CVE-2017-13725
Description
A buffer over-read in tcpdump's IPv6 routing header parser (rt6_print) before 4.9.2 allows remote attackers to cause a denial of service or potentially execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer over-read in tcpdump's IPv6 routing header parser (rt6_print) before 4.9.2 allows remote attackers to cause a denial of service or potentially execute arbitrary code.
Vulnerability
A buffer over-read vulnerability exists in the rt6_print() function in print-rt6.c of tcpdump versions prior to 4.9.2. The function does not properly validate the length of the IPv6 routing header before reading fields such as ip6r_len and ip6r_segleft, leading to an out-of-bounds read when processing a crafted packet [4].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted IPv6 packet containing a malformed routing header to a target system running an affected version of tcpdump. No authentication or user interaction is required; the attacker only needs network access to deliver the packet. When tcpdump captures and parses the packet, the over-read occurs, potentially causing a crash or leaking memory contents [3].
Impact
Successful exploitation can result in a denial of service (application crash) or, in the worst case, arbitrary code execution with the privileges of the tcpdump process [3]. Additionally, the buffer over-read may disclose sensitive information from the process's memory. The CVSS v3 score is 9.8 (Critical), reflecting the remote, unauthenticated nature of the attack and the potential for full compromise.
Mitigation
The vulnerability is fixed in tcpdump version 4.9.2 [4]. Red Hat Enterprise Linux 7 users can update to tcpdump-4.9.2-3.el7 [2]. Gentoo users should upgrade to >=net-analyzer/tcpdump-4.9.2 [3]. No workarounds are available; upgrading is the only mitigation.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11- osv-coords10 versionspkg:rpm/opensuse/tcpdump&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 4.99.1-1.2+ 9 more
- (no CPE)range: < 4.99.1-1.2
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 3.9.8-1.30.13.1
- (no CPE)range: < 3.9.8-1.30.13.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
- (no CPE)range: < 4.9.2-14.5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- github.com/the-tcpdump-group/tcpdump/commit/3c4d7c0ee30a30e5abff3d6d9586a3753101faf5nvdIssue TrackingPatchThird Party Advisory
- www.debian.org/security/2017/dsa-3971nvdThird Party Advisory
- www.securitytracker.com/id/1039307nvdThird Party AdvisoryVDB Entry
- www.tcpdump.org/tcpdump-changes.txtnvdVendor Advisory
- access.redhat.com/errata/RHEA-2018:0705nvdThird Party Advisory
- github.com/the-tcpdump-group/tcpdump/commit/c7c515ee03c285cc51376328de4ae9d549e501a5nvdIssue TrackingThird Party Advisory
- security.gentoo.org/glsa/201709-23nvdThird Party Advisory
- support.apple.com/HT208221nvdThird Party Advisory
News mentions
0No linked articles in our index yet.