CVE-2018-14462
Description
tcpdump before 4.9.3 has a buffer over-read in the ICMP parser via print-icmp.c:icmp_print(), leading to potential DoS or information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
tcpdump before 4.9.3 has a buffer over-read in the ICMP parser via print-icmp.c:icmp_print(), leading to potential DoS or information disclosure.
Vulnerability
A buffer over-read vulnerability exists in the ICMP parser of tcpdump versions prior to 4.9.3. The flaw resides in the icmp_print() function within print-icmp.c. When processing malformed ICMP packets, the function reads beyond the allocated buffer, potentially accessing adjacent memory regions. This condition is reachable when tcpdump is used to capture or analyze network traffic containing crafted ICMP messages. Affected versions include all tcpdump releases before 4.9.3 [3].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted ICMP packet over the network to a target system running a vulnerable version of tcpdump. No authentication or user interaction is required beyond the victim using tcpdump to capture or inspect the malicious traffic. The attack is network-based and can be performed remotely. The over-read occurs during packet parsing, making it effective without any special preconditions [2][3].
Impact
Successful exploitation can lead to a denial of service (DoS) by causing tcpdump to crash, and under certain conditions, it may allow an attacker to cause a crash or potentially leak sensitive information from memory via the over-read. While code execution is not directly confirmed for this specific CVE, the advisory notes that multiple tcpdump issues could possibly lead to arbitrary code execution [2][3]. The impact primarily affects the confidentiality and availability of the tcpdump process itself.
Mitigation
The vulnerability is fixed in tcpdump version 4.9.3 and later, released upstream in October 2018. Distributions including Ubuntu have provided updated packages (e.g., version 4.9.3-0ubuntu0.18.04.1 for Ubuntu 18.04 LTS) [2][3]. Apple also addressed this in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, though the Apple advisory does not explicitly list this CVE, the upstream fix mitigates it [1][4]. Users should update tcpdump to the latest version. No workarounds are available besides upgrading or avoiding use of tcpdump on untrusted network traffic.
- About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support
- USN-4252-2: tcpdump vulnerabilities | Ubuntu security notices | Ubuntu
- USN-4252-1: tcpdump vulnerabilities | Ubuntu security notices | Ubuntu
- APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
10- tcpdump/tcpdumpdescription
- osv-coords9 versionspkg:rpm/opensuse/tcpdump&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/tcpdump&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/tcpdump&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 4.9.2-lp150.10.1+ 8 more
- (no CPE)range: < 4.9.2-lp150.10.1
- (no CPE)range: < 4.9.2-lp151.4.6.1
- (no CPE)range: < 4.99.1-1.2
- (no CPE)range: < 4.9.2-3.9.1
- (no CPE)range: < 4.9.2-3.9.1
- (no CPE)range: < 3.9.8-1.30.13.1
- (no CPE)range: < 3.9.8-1.30.13.1
- (no CPE)range: < 4.9.2-14.17.1
- (no CPE)range: < 4.9.2-14.17.1
Patches
2d9a693b04326VERSION set for release
1 file changed · +1 −1
VERSION+1 −1 modified@@ -1 +1 @@ -4.9.3rc2 +4.9.3
1a1bce0526a7(for 4.9.3) CVE-2018-14462/ICMP: Add a missing bounds check
6 files changed · +15 −0
print-icmp.c+1 −0 modified@@ -564,6 +564,7 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char * vec[0].len = plen; sum = in_cksum(vec, 1); if (sum != 0) { + ND_TCHECK_16BITS(&dp->icmp_cksum); uint16_t icmp_sum = EXTRACT_16BITS(&dp->icmp_cksum); ND_PRINT((ndo, " (wrong icmp cksum %x (->%x)!)", icmp_sum,
tests/icmp-icmp_print-oobr-1.out+7 −0 added@@ -0,0 +1,7 @@ +IP (tos 0x4, ttl 64, id 3584, offset 0, flags [none], proto ICMP (1), length 23, bad cksum a (->1e0f)!) + 22.3.2.0 > 54.209.0.0: ICMP type-#49, length 3[|icmp] +IP (tos 0x4, ttl 64, id 32512, offset 0, flags [none], proto VRRP (112), length 31, bad cksum 82 (->db96)!) + 22.3.211.0 > 54.209.0.0: vrrp 22.3.211.0 > 54.209.0.0: VRRPv3, Advertisement, (ttl 64), vrid 128, prio 69[|vrrp] +c0:05:ff:ff:40:9d > 00:0c:02:49:96:7e, ethertype Unknown (0xf1ff), length 65570: + 0x0000: 4404 0020 0e00 0000 4070 000a 1603 0200 D.......@p...... + 0x0010: 36d1 0000 3180 bc 6...1..
tests/icmp-icmp_print-oobr-1.pcap+0 −0 addedtests/icmp-icmp_print-oobr-2.out+5 −0 added@@ -0,0 +1,5 @@ +IP truncated-ip - 39 bytes missing! (tos 0x7f,CE, ttl 254, id 40208, offset 0, flags [none], proto VRRP (112), length 68, options (unknown 69 [bad length 83]), bad cksum 9b15 (->b774)!) + 250.219.91.20 > 209.150.251.64: vrrp 250.219.91.20 > 209.150.251.64: VRRPv2, Advertisement, (ttl 254)[|vrrp] +[|fr] +IP (tos 0x7f,CE, ttl 254, id 40208, offset 0, flags [none], proto ICMP (1), length 30, options (unknown 201 [bad length 255]), bad cksum 101 (->6470)!) + 1.241.1.250 > 219.91.15.170: ICMP type-#255, length 2[|icmp]
tests/icmp-icmp_print-oobr-2.pcap+0 −0 addedtests/TESTLIST+2 −0 modified@@ -553,6 +553,8 @@ ip_ts_opts_asan ip_ts_opts_asan.pcap ip_ts_opts_asan.out -v isakmpv1-attr-oobr isakmpv1-attr-oobr.pcap isakmpv1-attr-oobr.out -v isakmp-ikev1_n_print-oobr isakmp-ikev1_n_print-oobr.pcap isakmp-ikev1_n_print-oobr.out -v -c3 ldp-ldp_tlv_print-oobr ldp-ldp_tlv_print-oobr.pcap ldp-ldp_tlv_print-oobr.out -v -c1 +icmp-icmp_print-oobr-1 icmp-icmp_print-oobr-1.pcap icmp-icmp_print-oobr-1.out -v -c3 +icmp-icmp_print-oobr-2 icmp-icmp_print-oobr-2.pcap icmp-icmp_print-oobr-2.out -v -c3 # The .pcap file is truncated after the 1st packet. hncp_dhcpv6data-oobr hncp_dhcpv6data-oobr.pcap hncp_dhcpv6data-oobr.out -v -c1 hncp_dhcpv4data-oobr hncp_dhcpv4data-oobr.pcap hncp_dhcpv4data-oobr.out -v -c1
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
16- lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/mitrevendor-advisoryx_refsource_FEDORA
- usn.ubuntu.com/4252-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4252-2/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2019/dsa-4547mitrevendor-advisoryx_refsource_DEBIAN
- seclists.org/fulldisclosure/2019/Dec/26mitremailing-listx_refsource_FULLDISC
- github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGESmitrex_refsource_MISC
- github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2019/10/msg00015.htmlmitremailing-listx_refsource_MLIST
- seclists.org/bugtraq/2019/Dec/23mitremailing-listx_refsource_BUGTRAQ
- seclists.org/bugtraq/2019/Oct/28mitremailing-listx_refsource_BUGTRAQ
- security.netapp.com/advisory/ntap-20200120-0001/mitrex_refsource_CONFIRM
- support.apple.com/kb/HT210788mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.