Unrated severity · NVD Advisory · Published Oct 3, 2019 · Updated Dec 3, 2025

CVE-2018-14470

Description

A buffer over-read exists in the Babel parser of tcpdump before 4.9.3, potentially causing crashes or information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Babel parser in tcpdump versions prior to 4.9.3 contains a buffer over-read vulnerability in the babel_print_v2() function within print-babel.c [1][2]. This occurs because an existing length check fails to properly validate the packet data, allowing read operations beyond the allocated buffer boundary when processing crafted Babel protocol traffic [3]. The issue affects all tcpdump releases before 4.9.3.
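
The following C example is added here and is not tcpdump's code: it parses the fixed fields of a Babel Update TLV using the RFC 6126 layout (type 8, then 10 octets of AE, Flags, Plen, Omitted, Interval, Seqno and Metric) and rejects any body shorter than that. The struct, function and sample byte arrays are hypothetical names constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BABEL_TLV_UPDATE  8   /* Update TLV type, RFC 6126 */
#define UPDATE_FIXED_LEN 10   /* AE, Flags, Plen, Omitted, Interval, Seqno, Metric */

/* Hypothetical container for the fixed Update fields (not a tcpdump type). */
struct babel_update {
    uint8_t ae, flags, plen, omitted;
    uint16_t interval, seqno, metric;
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one TLV from buf[0..avail). Returns 0 on success, -1 when the TLV is
 * not an Update, is cut off, or is too short for the fixed fields. */
int parse_update_tlv(const uint8_t *buf, size_t avail, struct babel_update *out)
{
    if (avail < 2)                      /* Type and Length octets */
        return -1;
    uint8_t type = buf[0], len = buf[1];
    if (type != BABEL_TLV_UPDATE)
        return -1;
    if ((size_t)len + 2 > avail)        /* declared body must fit the captured data */
        return -1;
    if (len < UPDATE_FIXED_LEN)         /* a bound of 1 would let the reads below pass the body */
        return -1;
    const uint8_t *body = buf + 2;
    out->ae = body[0];
    out->flags = body[1];
    out->plen = body[2];
    out->omitted = body[3];
    out->interval = be16(body + 4);
    out->seqno = be16(body + 6);
    out->metric = be16(body + 8);       /* highest octet read is body[9] */
    return 0;
}

/* Constructed sample TLVs, not taken from the project's test capture. */
const uint8_t SAMPLE_OK[]    = { 8, 10, 1, 0, 24, 0, 0x01, 0x90, 0x00, 0x2a, 0x00, 0x60 };
const uint8_t SAMPLE_SHORT[] = { 8, 1, 1 };  /* Length 1: not caught by a "len < 1" test */

int main(void)
{
    struct babel_update u;
    printf("full TLV: %d\n", parse_update_tlv(SAMPLE_OK, sizeof SAMPLE_OK, &u));
    printf("short TLV: %d\n", parse_update_tlv(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &u));
    return 0;
}
```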

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted network packet to a target system running an affected version of tcpdump. No authentication is required; the attacker only needs network access to deliver the malicious packet. When tcpdump processes the packet using the Babel protocol parser, the inadequate length validation triggers the buffer over-read [3].

Impact

Successful exploitation can lead to a denial of service (crash) due to reading out-of-bounds memory. In some scenarios, the over-read may expose sensitive memory contents, potentially leading to information disclosure. Under certain conditions, the vulnerability may be leveraged for arbitrary code execution, as noted in general advisories about tcpdump issues [2].

Mitigation

The fix was released in tcpdump version 4.9.3 [2][3]. Ubuntu users updated to 4.9.3-0ubuntu0.18.04.1 for 18.04 LTS [2]. Apple addressed the issue in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra (though those releases list a different CVE, CVE-2019-8837, for the ATS component, not tcpdump; the tcpdump fix is included in the upstream release) [4]. Users should upgrade to tcpdump 4.9.3 or later.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9

Patches

2
d9a693b04326

VERSION set for release

https://github.com/the-tcpdump-group/tcpdump · Michael Richardson · Sep 30, 2019 · via osv
1 file changed · +1 -1
  • VERSION +1 -1 modified
    @@ -1 +1 @@
    -4.9.3rc2
    +4.9.3
    
12f66f69f7bf

(for 4.9.3) CVE-2018-14470/Babel: fix an existing length check

https://github.com/the-tcpdump-group/tcpdump · Denis Ovsienko · Sep 12, 2017 · via osv
4 files changed · +68 -1
  • print-babel.c +1 -1 modified
    @@ -480,7 +480,7 @@ babel_print_v2(netdissect_options *ndo,
             case MESSAGE_UPDATE: {
                 if (!ndo->ndo_vflag) {
                     ND_PRINT((ndo, " update"));
    -                if(len < 1)
    +                if(len < 10)
                         ND_PRINT((ndo, "/truncated"));
                     else
                         ND_PRINT((ndo, "%s%s%s",
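
Review bot: The new bound in `if(len < 10)` is a bare literal, so a reader cannot tell from this hunk which reads in the `else` branch it is meant to cover. Add a short comment or a named constant stating which fixed fields need 10 octets of body. Only the `!ndo->ndo_vflag` path is visible here; the verbose path for MESSAGE_UPDATE should be checked for an equivalent bound before the fix is considered complete.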
    
  • tests/babel_update_oobr.out +66 -0 added
    @@ -0,0 +1,66 @@
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O^O^O^O^O^DM-2M-!M-1M-1M-1M-1M-1M-1M-1M-1M-,.M-0^Vn [|kerberos]
    +IP 10.0.0.1 > 0.234.154.214: ip-proto-17
    +IP 10.0.0.1.88 > 0.234.154.179.24191:  v4 be KDC_REQUEST: ^O^O^O^O^O^DM-2 .*^C@>M-z}M-uM-tM-+M-_M-{S^PM-=OM-^Y [|kerberos]
    +58:5e:0a:02:f4:0a > 02:8e:00:50:6a:e1, ethertype Unknown (0xb104), length 3892667167: 
    +	0x0000:  020f 0f0f 0f0f 0f0f 0f0f 04b2 a1b1 b1b1  ................
    +	0x0010:  b1b1 b1b1 b158 5e0a 02f4 0ab1 0402 0f0f  .....X^.........
    +	0x0020:  ff80 0f0f 0f0f 0f00 80a1 00b2 b2b2 b20d  ................
    +	0x0030:  0d3a 3400 0001 00                        .:4....
    +IP 6.3.218.255.6379 > 0.1.31.99.639: Flags [S.UW], seq 2751463404:2751463426, ack 1006637056, win 45746, urg 25778, length 22: RESP [|RESP]
    +IP 6.3.208.255.6379 > 0.1.31.99.639: Flags [S.UW], seq 2751463404:2751463426, ack 1006640128, win 45746, urg 25778, length 22: RESP "M-2M-2M-2M-2M-2M-7dM-2M-2M-2M-2M-2" [|RESP]
    +IP 208.21.10.1.654 > 31.99.100.232.80:  aodv rrep 34  prefix 4 hops 11
    +	dst 237.34.38.84 dseq 32203525 src 232.11.2.0 67108864 ms
    +	ext 0 0
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O^O^O^O^O^DM-WM-WM-WM-WM-WM-WM-W.@ 680min  [|kerberos]
    +IP 10.0.253.1.88 > 0.234.154.214.24073:  v4 be KDC_REQUEST: .M-^?M-^?^AM-^@M-^?M-^@M-V@M-WM-WM-sM-WM-WM-WM-WM-W 880min ^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O7M-^@M-^?.d^O^O^O^O^O^O^O^O^O^O^O^O@^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24073:  v4 be KDC_REQUEST: .M-^?M-^?^AM-^@M-^?M-^@M-V@M-WM-WM-sM-WM-WM-WM-WM-W 880min ^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O7M-^@M-^?.d^O^O^O^O^O^O^O^O^O^O^O^O@^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-2M-!^BM-W^CM-!^B@^D 0min ^P.^VM-^H [|kerberos]
    +IP 10.0.242.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O'^O^O@@.@^Qjp^J@ 1070min .X^^J^B [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O^U.@^O^D^O^O^O^O^O^O^O^O^O^O^O^O [|kerberos]
    +IP 10.0.222.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O^DM-2 .M-g^C@>M-y}M-uM-tM-+M-` 680min  [|kerberos]
    +01:01:ed:83:e3:ff > 02:8e:00:50:6d:e1, ethertype Unknown (0x0700), length 3892672031: 
    +	0x0000:  4508 8834 d940 4000 4011 4a70 0a00 0001  E..4.@@.@.Jp....
    +	0x0010:  00ea 9ad6 0058 5e0a 02f4 0ab1 0402 0f0f  .....X^.........
    +	0x0020:  0f0f 0f0f 0f0f 0f04 b2a1 b1b1 b1b1 b1b1  ................
    +	0x0030:  b1b1 b100 b016 6e                        ......n
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O^U.@ ^D^R^O^O^O^O^O^O^O^O^O^O^O [|kerberos]
    +IP 10.0.255.127.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O^DM-2 .M-g^C@>M-z}M-uM-tM-^\M-`^VM-^?^?M-=OM-^Y [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O.^B^O^O^O^O^DM-2M-!M-1M-1M-1M-1M-1M-1M-1M-1M-1M-^@M-0^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O7M-^@M-^?M-^@^D^O^O^O^O^O^P.M-^?M-^?^O^O^O@^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-#M-^?M-^?d^O^O^O^O^O^O^O^O^O^O^O^O@^VM-^H [|kerberos]
    +IP 0.0.1.0 > 234.154.214.0: ip-proto-106
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O7M-^@M-^?M-^@^D^O^O^O^O^O^P.M-^?M-^?^O^O^O@^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-^@M-^?M-^?M-^?^CM-!^B@^D 0min ^P.^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O^O^O^O^O^DM-WM-WM-WM-WM-WM-WM-W.@ 680min  [|kerberos]
    +IP 10.0.253.1.8280 > 0.234.154.214.24073: UDP, bad length 60652 > 32792
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O7M-^@M-^?.d^O^O^O^O^O^O^O^O^O^O^O^O@^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-2M-!^BM-W^CM-!^B@^D 0min ^P.^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O'^O^O@@.@^Qjp^J@ 1070min .X^^J^B [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 le APPL_REQUEST_MUTUAL: (unknown)
    +01:00:01:00:00:00 > 02:8e:00:50:6a:e1, ethertype Unknown (0x08e8), length 3892667167: 
    +	0x0000:  4408 8034 d92b 4000 4011 3b70 0a00 0001  D..4.+@.@.;p....
    +	0x0010:  00ea 9ad6 0058 5e0a 02f4 0ab1 0402 ffff  .....X^.........
    +	0x0020:  ff7f 80ff 80d6 00c3 0880 34d9 4040 0040  ..........4.@@.@
    +	0x0030:  114a 700a 0016 88                        .Jp....
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: .M-oM-^?M-^?@M-^?M-^@M-V M-WM-WM-WM-WM-WM-WM-WM-W 0min ^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.210.24073:  v4 be KDC_REQUEST: .M-^?M-^?^AM-^@M-^?M-^@M-V@M-WM-WM-sM-WM-WM-WM-WM-W 880min ^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O7M-^@M-^?.d^O^O^O^O^O^O^O^O^O^O^O^O@^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-2M-!^BM-WM-^?M-!^B^O^O^P@M-^?M-^?^O^O^O [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-#M-^?M-^?d^O^O^O^O^O^O^O^O^O^O^O^O@^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-2M-!^BM-W^CM-!^B@^D 0min ^P.^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074: 
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-^@M-^?M-^?M-^?^CM-!^B@^D 0min ^P.^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074: 
    +IP 10.0.253.1.88 > 0.234.154.214.24073:  v4 be KDC_REQUEST: .M-^?M-^?^AM-^@M-^?M-^@M-V@M-WM-WM-sM-WM-WM-WM-WM-W 880min ^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O7M-^@M-^?.d^O^O^O^O^O^O^O^O^O^O^O^O@^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-2M-!^BM-W^CM-!^B@^D 0min ^P.^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O'^O^O@@.@^Qjp^J@ 1070min .X^^J^B [|kerberos]
    +IP 64.0.0.1.88 > 0.234.154.214.24074:  v4 le APPL_REQUEST_MUTUAL: (unknown)
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: M-^?M-^?M-^?^?M-^@M-^?M-^@M-V.M-C^HM-^@4M-Y@@@@^QJp^J [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: .M-oM-^?M-^?@M-^?M-^@M-V 75min ^O^O^O^O^O^O^O^O.^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-2M-!^BM-W^CM-!^B@^D 0min ^P.^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O^O7M-^@M-^?M-^@^D^O^O^O^O^O^P.M-^?M-^?^O^O^O@^VM-^H [|kerberos]
    +IP 10.0.0.1.88 > 0.234.154.214.24074:  v4 be KDC_REQUEST: ^O^O^O^O.^DM-^@M-^?M-^?M-^?^CM-!^B@^D 0min ^P.^VM-^H [|kerberos]
    +IP 208.21.42.58.6697 > 110.228.104.254.30952: babel 2 (2056) update/truncated update/truncated update/truncated [|babel]
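
Review bot: Only the final expected line, `babel 2 (2056) update/truncated update/truncated update/truncated [|babel]`, exercises the changed check; the other 65 lines are Kerberos, RESP, AODV and hex-dump output from unrelated printers. That ties this regression test to the output format of those printers, so an unrelated change there would break it. Consider trimming the capture to the Babel packet so the expected output covers only the code under test.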
    
  • tests/babel_update_oobr.pcap +0 -0 added
  • tests/TESTLIST +1 -0 modified
    @@ -583,6 +583,7 @@ icmp6_nodeinfo_oobr	icmp6_nodeinfo_oobr.pcap	icmp6_nodeinfo_oobr.out
     
     # bad packets from Henri Salo
     rx_ubik-oobr		rx_ubik-oobr.pcap		rx_ubik-oobr.out -c1
    +babel_update_oobr	babel_update_oobr.pcap	babel_update_oobr.out	-c 52
     
     # RTP tests
     # fuzzed pcap
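
Review bot: The new entry is written `-c 52` while the neighbouring `rx_ubik-oobr` entry uses `-c1`; pick one form for consistency. The entry also lands under the `# bad packets from Henri Salo` comment, so confirm that attribution applies to this capture or give the entry its own comment line.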
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

16
