CVE-2018-14879
Description
Buffer overflow in tcpdump's command-line argument parser (get_next_file()) before 4.9.3 allows remote attackers to cause a crash or execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in tcpdump's command-line argument parser (get_next_file()) before 4.9.3 allows remote attackers to cause a crash or execute arbitrary code.
Vulnerability
A buffer overflow exists in the command-line argument parser of tcpdump, specifically in the get_next_file() function in tcpdump.c. This affects tcpdump versions before 4.9.3 [2]. The vulnerability is triggered when processing a specially crafted filename or argument.
Exploitation
An attacker can exploit this vulnerability by supplying a crafted input that causes a buffer overflow in the argument parser. This could be achieved remotely if tcpdump is used to process network data (e.g., reading pcap files from a network source), or locally through command-line invocation [2]. The exact attack vector is not fully detailed, but the overflow leads to memory corruption.
Impact
Successful exploitation could result in a denial of service (tcpdump crash) or potentially arbitrary code execution with the privileges of the tcpdump process, which often runs as root [2].
Mitigation
Upgrade to tcpdump version 4.9.3 or later [2]. For Ubuntu systems, updated packages are available (e.g., version 4.9.3-0ubuntu0.18.04.1). There is no known workaround; applying the patch is strongly recommended. This CVE is not listed in the Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
9- tcpdump/tcpdumpdescription
- osv-coords7 versionspkg:rpm/opensuse/tcpdump&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/tcpdump&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/tcpdump&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 4.9.2-lp150.10.1+ 6 more
- (no CPE)range: < 4.9.2-lp150.10.1
- (no CPE)range: < 4.9.2-lp151.4.6.1
- (no CPE)range: < 4.99.1-1.2
- (no CPE)range: < 4.9.2-3.9.1
- (no CPE)range: < 4.9.2-3.9.1
- (no CPE)range: < 4.9.2-14.17.1
- (no CPE)range: < 4.9.2-14.17.1
Patches
2d9a693b04326VERSION set for release
1 file changed · +1 −1
VERSION+1 −1 modified@@ -1 +1 @@ -4.9.3rc2 +4.9.3
9ba91381954a(for 4.9.3) CVE-2018-14879/fix -V to fail invalid input safely
1 file changed · +4 −2
tcpdump.c+4 −2 modified@@ -699,13 +699,15 @@ static char * get_next_file(FILE *VFile, char *ptr) { char *ret; + size_t len; ret = fgets(ptr, PATH_MAX, VFile); if (!ret) return NULL; - if (ptr[strlen(ptr) - 1] == '\n') - ptr[strlen(ptr) - 1] = '\0'; + len = strlen (ptr); + if (len > 0 && ptr[len - 1] == '\n') + ptr[len - 1] = '\0'; return ret; }
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
17- lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/mitrevendor-advisoryx_refsource_FEDORA
- usn.ubuntu.com/4252-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4252-2/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2019/dsa-4547mitrevendor-advisoryx_refsource_DEBIAN
- seclists.org/fulldisclosure/2019/Dec/26mitremailing-listx_refsource_FULLDISC
- github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGESmitrex_refsource_MISC
- github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2019/10/msg00015.htmlmitremailing-listx_refsource_MLIST
- seclists.org/bugtraq/2019/Dec/23mitremailing-listx_refsource_BUGTRAQ
- seclists.org/bugtraq/2019/Oct/28mitremailing-listx_refsource_BUGTRAQ
- security.netapp.com/advisory/ntap-20200120-0001/mitrex_refsource_CONFIRM
- support.apple.com/kb/HT210788mitrex_refsource_CONFIRM
- support.f5.com/csp/article/K51512510mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.