CVE-2023-1801
Description
In tcpdump 4.99.3, the SMB protocol decoder has an out-of-bounds write when parsing a crafted network packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The SMB protocol decoder in tcpdump version 4.99.3 performs an out-of-bounds write when decoding a crafted network packet. The vulnerability exists in the code path that handles SMB packets; no special configuration is required beyond using tcpdump to capture or process network traffic containing a maliciously crafted SMB packet [3][4].
Exploitation
An attacker can trigger this vulnerability by sending a specially crafted SMB packet over the network that is then captured and processed by tcpdump 4.99.3. No authentication is required, as the attacker only needs to be able to deliver the crafted packet to the target system where tcpdump is running. The vulnerability is reached during packet decoding without user interaction beyond running tcpdump in its normal operation [3][4].
Impact
Successful exploitation results in an out-of-bounds write, which can cause a crash or potentially allow arbitrary code execution in the context of the tcpdump process. This compromises the confidentiality, integrity, and availability of the system running the vulnerable version [3][4].
Mitigation
A fix has been implemented in the tcpdump repository by introducing a common routine `nd_format_time` for converting dates and times to strings, replacing vulnerable `gmtime`/`strftime` calls. Users should upgrade to a patched version of tcpdump beyond 4.99.3. As of the publication date, Apple’s security advisories for macOS (references [1] and [2]) do not mention this specific CVE; the vulnerability is in tcpdump itself, and users are advised to update the tcpdump package from their respective sources [3][4].
- [1] About the security content of macOS Monterey 12.6.8 - Apple Support
- [2] About the security content of macOS Big Sur 11.7.9 - Apple Support
- [3] Have a common routine for converting dates and times to strings. · the-tcpdump-group/tcpdump@03c037b
- [4] Have a common routine for converting dates and times to strings. · the-tcpdump-group/tcpdump@7578e1c
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- The Tcpdump Group/tcpdump, Range: 4.99.3
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The SMB protocol decoder in tcpdump performs an out-of-bounds write when processing a crafted network packet."
Attack vector
An attacker can trigger this vulnerability by sending a specially crafted SMB network packet to a system running tcpdump. The malformed packet causes an out-of-bounds write during the SMB protocol decoding process. This can lead to a crash or potentially other unintended behavior.
Affected code
The vulnerability lies within the SMB protocol decoder in tcpdump. The changes in the provided patches, specifically the introduction and usage of the `nd_format_time` function, indicate that the affected code paths involve time formatting routines within the SMB dissector and other related modules.
What the fix does
The patch introduces a common routine for converting dates and times to strings, named `nd_format_time`. This function is used in various places where time formatting was previously handled directly with `strftime`. The changes aim to standardize time formatting and ensure that buffer sizes are correctly handled, preventing potential out-of-bounds writes that could occur with malformed input or incorrect buffer calculations.
Generated on Jun 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
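The following is an added example, not code from the tcpdump project and not the body of `nd_format_time`: a minimal checked wrapper showing the two failure modes that direct `gmtime`/`strftime` use on packet-supplied timestamps has to handle. The helper name `format_utc_checked`, its signature and the fallback strings are hypothetical, and the timestamps are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper (not tcpdump's nd_format_time): format a UTC
 * timestamp into buf, never writing more than bufsize bytes and always
 * leaving a NUL-terminated string. Returns the string to print. */
static const char *
format_utc_checked(char *buf, size_t bufsize, const char *fmt, time_t t)
{
    if (buf == NULL || bufsize == 0)
        return "";
    buf[0] = '\0';

    /* gmtime() returns NULL when the value cannot be represented in a
     * struct tm; a timestamp field in a packet is attacker-chosen. */
    struct tm *tm = gmtime(&t);
    if (tm == NULL) {
        snprintf(buf, bufsize, "%s", "[invalid time]");
        return buf;
    }
    /* strftime() returns 0 when the result does not fit; the buffer
     * contents are then unspecified, so overwrite them. */
    if (strftime(buf, bufsize, fmt, tm) == 0)
        snprintf(buf, bufsize, "%s", "[time too long]");
    return buf;
}

int main(void)
{
    char big[64], small[8];
    const char *fmt = "%Y-%m-%d %H:%M:%S";
    /* Constructed sample values, not taken from any real capture. */
    time_t ok = (time_t)1680000000;     /* 2023-03-28 10:40:00 UTC */
    time_t absurd = (time_t)INT64_MAX;  /* year overflows struct tm */

    printf("%s\n", format_utc_checked(big, sizeof big, fmt, ok));
    printf("%s\n", format_utc_checked(big, sizeof big, fmt, absurd));
    printf("%s\n", format_utc_checked(small, sizeof small, fmt, ok));
    return 0;
}
```

The third call shows the undersized-buffer case: the output is a truncated fallback string bounded by `sizeof small`, never a write past the buffer.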
References
- github.com/the-tcpdump-group/tcpdump/commit/03c037bbd75588beba3ee09f26d17783d21e30bc (mitre, patch)
- github.com/the-tcpdump-group/tcpdump/commit/7578e1c04ee280dda50c4c2813e7d55f539c6501 (mitre, patch)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOA2BJFERAC3VRQIRHJOWN4HZY4ZA7CH/ (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYL5DEVHRJYF2CM5LTCZKEYFYDZAIZSN/ (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLLZCG23MU6O4QOG2CX3DLEL3YXP6LAI/ (mitre)
- support.apple.com/kb/HT213844 (mitre)
- support.apple.com/kb/HT213845 (mitre)