Unrated severity · NVD Advisory · Published Oct 3, 2019 · Updated Aug 5, 2024

CVE-2018-14463

Description

A buffer over-read in tcpdump's VRRP parser (vrrp_print) for version 2 allows an attacker to cause a crash or disclose memory via a crafted packet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The VRRP (Virtual Router Redundancy Protocol) parser in tcpdump versions before 4.9.3 contains a buffer over-read vulnerability in the vrrp_print() function within print-vrrp.c. This issue specifically affects VRRP version 2 packets and is distinct from CVE-2019-15167 [4]. The over-read occurs when parsing crafted VRRP packets that cause the parser to read beyond the allocated buffer boundaries.
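The over-read described above comes down to reading a fixed-offset field without first proving that its bytes were captured. The following is an added example, not tcpdump's code: the helper names and sample bytes are hypothetical and constructed, and the only detail taken from the page is that the 16-bit checksum field sits at offset 6 (`bp[6]` in the patch below).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VRRP2_CKSUM_OFF 6   /* checksum field offset, as in the patch's bp[6] */

enum vrrp_rc { VRRP_OK = 0, VRRP_TRUNC = -1 };

/* True when [off, off+n) lies inside the caplen bytes actually captured.
 * Written to avoid overflow in off + n. */
static int in_capture(size_t caplen, size_t off, size_t n)
{
    return off <= caplen && n <= caplen - off;
}

/* Hypothetical helper: read a big-endian 16-bit field only after the
 * bounds check passes; otherwise report truncation and leave *out alone. */
static enum vrrp_rc read_be16(const uint8_t *bp, size_t caplen,
                              size_t off, uint16_t *out)
{
    if (!in_capture(caplen, off, 2))
        return VRRP_TRUNC;
    *out = (uint16_t)((bp[off] << 8) | bp[off + 1]);
    return VRRP_OK;
}

/* Fetch the checksum field, e.g. for a "bad cksum" diagnostic. */
static enum vrrp_rc vrrp2_cksum_field(const uint8_t *bp, size_t caplen,
                                      uint16_t *out)
{
    return read_be16(bp, caplen, VRRP2_CKSUM_OFF, out);
}

/* Constructed samples: a 6-byte VRRPv2 fragment and a full 8-byte header. */
static const uint8_t sample_short[6] = {0x21, 0x02, 0x00, 0x01, 0x01, 0xff};
static const uint8_t sample_full[8]  = {0x21, 0x02, 0x00, 0x01, 0x01, 0xff, 0xbe, 0xef};

int main(void)
{
    uint16_t ck = 0;
    if (vrrp2_cksum_field(sample_short, sizeof sample_short, &ck) == VRRP_TRUNC)
        puts("short packet: [|vrrp] (checksum field not captured)");
    if (vrrp2_cksum_field(sample_full, sizeof sample_full, &ck) == VRRP_OK)
        printf("full header: cksum field 0x%04x\n", ck);
    return 0;
}
```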

Exploitation

An attacker who can send a specially crafted VRRP version 2 packet to a network interface that an affected tcpdump version is monitoring can trigger the buffer over-read. No authentication is required, and the vulnerability can be exploited remotely with a single malicious packet [2][3].

Impact

Successful exploitation can lead to a denial of service (tcpdump crash) or potentially remote arbitrary code execution, as indicated by Ubuntu security notices [2][3]. The over-read may also disclose sensitive memory contents, depending on the attacker's goal.

Mitigation

The vulnerability is fixed in tcpdump 4.9.3 and later [4]. Ubuntu package version 4.9.3-0ubuntu0.18.04.1 is available for Ubuntu 18.04 LTS, with updates for other Ubuntu releases [3]. Apple addressed this in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra [1]. Users should upgrade to the latest version of tcpdump.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

11

Patches

2
d9a693b04326

VERSION set for release

https://github.com/the-tcpdump-group/tcpdump · Michael Richardson · Sep 30, 2019 · via osv
1 file changed · +1 -1
  • VERSION +1 -1 modified
    @@ -1 +1 @@
    -4.9.3rc2
    +4.9.3
    
3de07c772166

(for 4.9.3) CVE-2018-14463/VRRP: Add a missing bounds check

https://github.com/the-tcpdump-group/tcpdump · Francois-Xavier Le Bail · Oct 8, 2017 · via osv
4 files changed · +10 -1
  • print-vrrp.c +3 -1 modified
    @@ -142,9 +142,11 @@ vrrp_print(netdissect_options *ndo,
     
     			vec[0].ptr = bp;
     			vec[0].len = len;
    -			if (in_cksum(vec, 1))
    +			if (in_cksum(vec, 1)) {
    +				ND_TCHECK_16BITS(&bp[6]);
     				ND_PRINT((ndo, ", (bad vrrp cksum %x)",
     					EXTRACT_16BITS(&bp[6])));
    +			}
     		}
     
     		if (version == 3 && ND_TTEST2(bp[0], len)) {
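
Review bot: the new ND_TCHECK_16BITS(&bp[6]) guards only the error-message path, so the relationship between len and the offset-6 read stays implicit. vec[0].len = len hands in_cksum() whatever length the packet claims, and nothing in these lines rejects a len shorter than the 8 bytes that a 16-bit read at bp[6] needs; the expected output added with this commit ("length 6[|vrrp]") shows that case reaching this point. Consider validating len against the fixed header size before the checksum is computed and reporting it as an invalid length, or at least add a one-line comment stating that the check exists because len can be smaller than 8.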
    
  • tests/TESTLIST +1 -0 modified
    @@ -556,6 +556,7 @@ ldp-ldp_tlv_print-oobr ldp-ldp_tlv_print-oobr.pcap ldp-ldp_tlv_print-oobr.out -v
     icmp-icmp_print-oobr-1 icmp-icmp_print-oobr-1.pcap icmp-icmp_print-oobr-1.out -v -c3
     icmp-icmp_print-oobr-2 icmp-icmp_print-oobr-2.pcap icmp-icmp_print-oobr-2.out -v -c3
     rsvp-rsvp_obj_print-oobr rsvp-rsvp_obj_print-oobr.pcap rsvp-rsvp_obj_print-oobr.out -v -c3
    +vrrp-vrrp_print-oobr vrrp-vrrp_print-oobr.pcap vrrp-vrrp_print-oobr.out -v -c3
     # The .pcap file is truncated after the 1st packet.
     hncp_dhcpv6data-oobr	hncp_dhcpv6data-oobr.pcap	hncp_dhcpv6data-oobr.out -v -c1
     hncp_dhcpv4data-oobr	hncp_dhcpv4data-oobr.pcap	hncp_dhcpv4data-oobr.out -v -c1
    
  • tests/vrrp-vrrp_print-oobr.out +6 -0 added
    @@ -0,0 +1,6 @@
    +IP (tos 0x7f,CE, ttl 254, id 40208, offset 0, flags [none], proto VRRP (112), length 34, options (unknown 69 [bad length 83]), bad cksum 8e15 (->bc96)!)
    +    250.219.91.20 > 209.150.251.64: vrrp 250.219.91.20 > 209.150.251.64: VRRPv2, Advertisement, (ttl 254), vrid 2, prio 0, authtype simple, intvl 255s, length 6[|vrrp]
    +IP (tos 0x7f,CE, ttl 254, id 40208, offset 0, flags [none], proto VRRP (112), length 40, options (unknown 69 [bad length 83]), bad cksum 8e15 (->b790)!)
    +    250.219.91.20 > 209.150.251.64: vrrp 250.219.91.20 > 209.150.251.64: VRRPv2, Advertisement, (ttl 254), vrid 2, prio 0, authtype simple, intvl 255s, length 12, addrs:[|vrrp]
    +IP (tos 0x7f,CE, ttl 254, id 40208, offset 0, flags [none], proto VRRP (112), length 40, options (unknown 69 [bad length 83]), bad cksum 8e15 (->bc90)!)
    +    250.219.91.20 > 209.150.251.64: vrrp 250.219.91.20 > 209.150.251.64: VRRPv2, Advertisement, (ttl 254), vrid 2, prio 0, authtype simple, intvl 255s, length 12, addrs:[|vrrp]
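
Review bot: only the first expected packet visibly exercises the new check. Its line ends in "length 6[|vrrp]", with truncation reported where the bad-checksum text would otherwise go, while packets 2 and 3 (length 12) get as far as "addrs:[|vrrp]", a later truncation point than the bp[6] read. If those two are meant as coverage for the address-list path, say so in the commit message or next to the TESTLIST entry; otherwise a single-packet capture run with -c1 would pin this regression more tightly.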
    
  • tests/vrrp-vrrp_print-oobr.pcap +0 -0 added

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

16
