CVE-2018-16227
Description
A buffer over-read in tcpdump's IEEE 802.11 parser before 4.9.3 allows remote attackers to cause a denial of service or leak memory via crafted Mesh Flags subfield.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer over-read in tcpdump's IEEE 802.11 parser before 4.9.3 allows remote attackers to cause a denial of service or leak memory via crafted Mesh Flags subfield.
Vulnerability
The IEEE 802.11 parser in tcpdump versions prior to 4.9.3 contains a buffer over-read vulnerability in the print-802_11.c file, specifically when processing the Mesh Flags subfield. An attacker can trigger this by sending a specially crafted 802.11 frame that causes the parser to read beyond the allocated buffer boundaries. The issue is present in all versions before the fix was applied in 4.9.3 [2].
Exploitation
An attacker within radio range of a target system running a vulnerable version of tcpdump can exploit this vulnerability by transmitting a malicious 802.11 frame with an invalid Mesh Flags subfield. No authentication or prior access is required; the attacker only needs to be able to send wireless frames that reach the target. When tcpdump captures and parses such a frame, the over-read occurs during the parsing of the Mesh Flags field.
Impact
Successful exploitation can lead to a denial of service (crash of tcpdump) or, in some cases, information disclosure through the leakage of sensitive memory contents. The impact is limited to the tcpdump process itself; no code execution has been reported for this vulnerability.
Mitigation
The vulnerability is fixed in tcpdump version 4.9.3 [2]. Users should upgrade to this version or later. Downstream distributions, such as Fedora, have also released updated packages. No workarounds are available; the only mitigation is to apply the patch or update to the fixed version.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
8- tcpdump/tcpdumpdescription
- osv-coords7 versionspkg:rpm/opensuse/tcpdump&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/tcpdump&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/tcpdump&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 4.9.2-lp150.10.1+ 6 more
- (no CPE)range: < 4.9.2-lp150.10.1
- (no CPE)range: < 4.9.2-lp151.4.6.1
- (no CPE)range: < 4.99.1-1.2
- (no CPE)range: < 4.9.2-3.9.1
- (no CPE)range: < 4.9.2-3.9.1
- (no CPE)range: < 4.9.2-14.17.1
- (no CPE)range: < 4.9.2-14.17.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
16- lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/mitrevendor-advisoryx_refsource_FEDORA
- usn.ubuntu.com/4252-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4252-2/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2019/dsa-4547mitrevendor-advisoryx_refsource_DEBIAN
- seclists.org/fulldisclosure/2019/Dec/26mitremailing-listx_refsource_FULLDISC
- github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGESmitrex_refsource_MISC
- github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2019/10/msg00015.htmlmitremailing-listx_refsource_MLIST
- seclists.org/bugtraq/2019/Dec/23mitremailing-listx_refsource_BUGTRAQ
- seclists.org/bugtraq/2019/Oct/28mitremailing-listx_refsource_BUGTRAQ
- security.netapp.com/advisory/ntap-20200120-0001/mitrex_refsource_CONFIRM
- support.apple.com/kb/HT210788mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.