Unrated severity · NVD Advisory · Published Oct 3, 2019 · Updated Dec 17, 2025

CVE-2018-14465

Description

A buffer over-read in tcpdump's RSVP parser before version 4.9.3 can lead to denial of service or potential arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2018-14465 is a buffer over-read vulnerability in the RSVP parser of tcpdump, a command-line network traffic analyzer. The bug resides in the rsvp_obj_print() function in print-rsvp.c. Tcpdump versions before 4.9.3, including those shipped in Ubuntu 12.04 ESM, 14.04 ESM, and 18.04 LTS as well as older macOS versions, are affected [2][3]. The vulnerability is triggered when tcpdump processes a specially crafted RSVP packet.
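The class of bug described above, as an added example that is not tcpdump's code: a simplified model of reading the 32-bit Class Type body only after confirming the bytes were captured, which is the role `ND_TCHECK_32BITS` plays in the patch on this page. The helper `classtype_ct`, the sample byte arrays and the extra declared-length check (which goes beyond the patch) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OBJ_HDR_LEN   4    /* RSVP object header: length(2) class-num(1) c-type(1), RFC 2205 */
#define CLASSTYPE_OLD 125  /* class number shown in the test output on this page */

/* Big-endian 32-bit load; the caller must already have verified 4 readable bytes. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Hypothetical helper, not tcpdump code. buf/caplen describe the bytes actually
 * captured, starting at the object header. Returns 0 and stores the 3-bit CT
 * value, or -1 if the object is truncated or is not Class Type (old), C-Type 1.
 */
int classtype_ct(const uint8_t *buf, size_t caplen, unsigned *ct)
{
    if (caplen < OBJ_HDR_LEN)
        return -1;                 /* header itself is cut short */
    size_t obj_len = ((size_t)buf[0] << 8) | buf[1];
    if (buf[2] != CLASSTYPE_OLD || buf[3] != 1)
        return -1;
    if (obj_len < OBJ_HDR_LEN + 4)
        return -1;                 /* extra check: declared length leaves no room for the body */
    if (caplen - OBJ_HDR_LEN < 4)
        return -1;                 /* capture-bounds check, the role ND_TCHECK_32BITS plays */
    *ct = load_be32(buf + OBJ_HDR_LEN) & 0x7;
    return 0;
}

int main(void)
{
    /* Constructed sample objects, not taken from the project's .pcap. */
    const uint8_t ok[]      = {0x00, 0x08, 125, 1, 0x00, 0x00, 0x00, 0x0d};
    const uint8_t hdronly[] = {0x00, 0x04, 125, 1};
    unsigned ct = 0;
    int r = classtype_ct(ok, sizeof ok, &ct);
    printf("well-formed: rc=%d ct=%u\n", r, ct);
    printf("header only: rc=%d\n", classtype_ct(hdronly, sizeof hdronly, &ct));
    printf("cut capture: rc=%d\n", classtype_ct(ok, 6, &ct));
    return 0;
}
```

Without the two length tests, the last two calls would read four bytes that lie past the end of the supplied buffer.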

Exploitation

An attacker can exploit this vulnerability by sending a malicious RSVP packet to a target running a vulnerable version of tcpdump on a network interface in promiscuous or monitor mode. No authentication or user interaction is required beyond tcpdump capturing the packet; the attacker only needs the ability to inject network traffic that reaches the victim's network interface. The over-read occurs during parsing of the malformed packet data [1][4].

Impact

Successful exploitation can cause tcpdump to crash, resulting in a denial of service. More critically, the buffer over-read could potentially be leveraged to achieve arbitrary code execution with the privileges of tcpdump (typically root when started with elevated capabilities). This impact is noted in the Ubuntu security advisories [2][3] and Apple's security content [1].

Mitigation

The vulnerability is fixed in tcpdump version 4.9.3, released in 2018. Users should upgrade to tcpdump 4.9.3 or later. For Ubuntu systems, the fixed package version is 4.9.3-0ubuntu0.18.04.1 for 18.04 LTS [3], and similar updates are available for other releases [2]. Apple addressed this vulnerability by including a fixed tcpdump in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, released December 10, 2019 [1][4]. There are no known workarounds; updating tcpdump is the recommended mitigation.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

10

Patches

2
d9a693b04326

VERSION set for release

https://github.com/the-tcpdump-group/tcpdump · Michael Richardson · Sep 30, 2019 · via osv
1 file changed · +1 -1
  • VERSION +1 -1 modified
    @@ -1 +1 @@
    -4.9.3rc2
    +4.9.3
    
bea2686c296b

(for 4.9.3) CVE-2018-14465/RSVP: Add a missing bounds check

https://github.com/the-tcpdump-group/tcpdump · Francois-Xavier Le Bail · Oct 8, 2017 · via osv
4 files changed · +9 -0
  • print-rsvp.c +1 -0 modified
    @@ -1555,6 +1555,7 @@ rsvp_obj_print(netdissect_options *ndo,
             case RSVP_OBJ_CLASSTYPE_OLD: /* fall through */
                 switch(rsvp_obj_ctype) {
                 case RSVP_CTYPE_1:
    +                ND_TCHECK_32BITS(obj_tptr);
                     ND_PRINT((ndo, "%s  CT: %u",
                            ident,
                            EXTRACT_32BITS(obj_tptr) & 0x7));
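Review bot: The added ND_TCHECK_32BITS(obj_tptr) in the RSVP_CTYPE_1 case only establishes that four bytes are present in the captured data; nothing in the visible context confirms that the object's own remaining length covers them before EXTRACT_32BITS(obj_tptr) runs. If that is not already verified above this hunk, add a length test beside the new line so a short object is reported as invalid instead of being decoded from whatever bytes follow it. A one-line comment saying what the 32-bit field holds would also help the next reader.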
    
  • tests/rsvp-rsvp_obj_print-oobr.out +7 -0 added
    @@ -0,0 +1,7 @@
    +TIPC v5.0 226.0.0 > 64.14.1536, headerlength 56 bytes, MessageSize 51914 bytes, Link Changeover Protocol internal, messageType Unknown (0xcacacaca)[|TIPC]
    +[|ether]
    +IP (tos 0x0, ttl 14, id 44815, offset 0, flags [+, DF, rsvd], proto RSVP (46), length 40, bad cksum 3280 (->c411)!)
    +    250.219.91.71 > 20.100.238.255: 
    +	RSVPv1 Hello Message (20), Flags: [none], length: 16384, ttl: 0, checksum: 0x000e
    +	  Class Type (old) Object (125) Flags: [reject if unknown], Class-Type: 1 (1), length: 4
    +		 [|rsvp]
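Review bot: The expected output opens with a TIPC line and an [|ether] line before the RSVP packet, so two of the three packets in this test never reach rsvp_obj_print(). Consider trimming the capture to the single RSVP packet so the test changes only when the RSVP path changes; the closing [|rsvp] line is the one that corresponds to the truncated Class Type object.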
    
  • tests/rsvp-rsvp_obj_print-oobr.pcap +0 -0 added
  • tests/TESTLIST +1 -0 modified
    @@ -555,6 +555,7 @@ isakmp-ikev1_n_print-oobr isakmp-ikev1_n_print-oobr.pcap isakmp-ikev1_n_print-oo
     ldp-ldp_tlv_print-oobr ldp-ldp_tlv_print-oobr.pcap ldp-ldp_tlv_print-oobr.out -v -c1
     icmp-icmp_print-oobr-1 icmp-icmp_print-oobr-1.pcap icmp-icmp_print-oobr-1.out -v -c3
     icmp-icmp_print-oobr-2 icmp-icmp_print-oobr-2.pcap icmp-icmp_print-oobr-2.out -v -c3
    +rsvp-rsvp_obj_print-oobr rsvp-rsvp_obj_print-oobr.pcap rsvp-rsvp_obj_print-oobr.out -v -c3
     # The .pcap file is truncated after the 1st packet.
     hncp_dhcpv6data-oobr	hncp_dhcpv6data-oobr.pcap	hncp_dhcpv6data-oobr.out -v -c1
     hncp_dhcpv4data-oobr	hncp_dhcpv4data-oobr.pcap	hncp_dhcpv4data-oobr.out -v -c1
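Review bot: The new rsvp-rsvp_obj_print-oobr entry is inserted directly above the comment "# The .pcap file is truncated after the 1st packet.", so that comment can now be read as describing either the rsvp entry or the hncp entries below it. Move the new line or add a blank line so the comment stays clearly attached to the entries it is about. The -c3 matches the three packets in the expected output; if the capture is reduced to the RSVP packet alone, it should become -c1 as in the ldp entry above.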
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

16
