Unrated severity · NVD Advisory · Published Jul 22, 2019 · Updated Aug 5, 2024

CVE-2019-1010220

Description

A buffer over-read in tcpdump 4.9.2’s print_prefix() function can leak stack data when processing a crafted pcap file; fixed in 4.9.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A buffer over-read vulnerability exists in tcpdump version 4.9.2, in the function `print_prefix()` in `print-hncp.c` at line 234 [1][3]. The affected code calls `ND_PRINT` with the format `"%s"` on a buffer `buf` without proper bounds checking, leading to a CWE-126 buffer over-read condition [1]. This occurs when tcpdump parses a specially crafted pcap file [1].
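
The CWE-126 pattern described above (a buffer printed with `"%s"` and no bound), shown beside a bounded form. This is an added illustration, not tcpdump's source or its 4.9.3 fix; `struct frame`, `render_unbounded`, `render_bounded`, `demo` and the buffer sizes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define PREFIX_BUF 8 /* hypothetical size, not tcpdump's */

/* Constructed layout: buf followed by a field standing in for adjacent stack data. */
struct frame {
    char buf[PREFIX_BUF];
    char neighbour[8];
};

/* Unbounded pattern, shown for contrast and never called here: "%s" reads
 * until it meets a NUL, so an unterminated buf makes it run past the array. */
int render_unbounded(char *out, size_t outsz, const char *buf)
{
    return snprintf(out, outsz, "%s", buf);
}

/* Bounded pattern: locate the terminator inside the buffer's own bounds and
 * pass that length as an explicit precision, so at most bufsz bytes are read. */
int render_bounded(char *out, size_t outsz, const char *buf, size_t bufsz)
{
    const char *nul = memchr(buf, '\0', bufsz);
    size_t n = nul ? (size_t)(nul - buf) : bufsz;
    return snprintf(out, outsz, "%.*s", (int)n, buf);
}

/* Fill buf completely (no NUL), then render it with the bounded form. */
int demo(char *out, size_t outsz)
{
    struct frame f;
    memset(f.buf, 'A', sizeof f.buf);
    memcpy(f.neighbour, "SECRET", 7);
    return render_bounded(out, outsz, f.buf, sizeof f.buf);
}

int main(void)
{
    char out[64];
    int n = demo(out, sizeof out);
    printf("%d bytes: %s\n", n, out);
    return 0;
}
```

The bounded form never emits more than the buffer's declared size, whether or not the decoder left a terminator in it.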

Exploitation

An attacker must craft a malicious pcap file that triggers the over-read in `print_prefix()` [1]. The victim must open this file using tcpdump 4.9.2 [1][2]. No special network position or authentication is required; the attack vector is purely local and file-based [1].

Impact

Successful exploitation can cause tcpdump to read beyond the intended buffer boundary, potentially exposing sensitive stack data such as the Saved Frame Pointer and Return Address [1]. In some configurations, an attacker might leverage this information disclosure to achieve arbitrary code execution [1][2].

Mitigation

The vulnerability is fixed in tcpdump version 4.9.3, released as part of USN-4252-1 and USN-4252-2 [1][2]. Ubuntu users should update to the package version 4.9.3-0ubuntu0.18.04.1 (for 18.04 LTS) or the equivalent for other supported releases [2]. Users of the upstream tcpdump should upgrade to version 4.9.3 or later [1]. No workaround is available for version 4.9.2.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12

References

11
