rpm package

suse/tcpdump&distro=SUSE Linux Enterprise Desktop 12 SP3

pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3

Vulnerabilities (91)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-12899	Cri	9.8	< 4.9.2-14.5.1	4.9.2-14.5.1	Sep 14, 2017	The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
CVE-2017-12898	Cri	9.8	< 4.9.2-14.5.1	4.9.2-14.5.1	Sep 14, 2017	The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
CVE-2017-12897	Cri	9.8	< 4.9.2-14.5.1	4.9.2-14.5.1	Sep 14, 2017	The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
CVE-2017-12896	Cri	9.8	< 4.9.2-14.5.1	4.9.2-14.5.1	Sep 14, 2017	The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
CVE-2017-12895	Cri	9.8	< 4.9.2-14.5.1	4.9.2-14.5.1	Sep 14, 2017	The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
CVE-2017-12894	Cri	9.8	< 4.9.2-14.5.1	4.9.2-14.5.1	Sep 14, 2017	Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().
CVE-2017-12893	Cri	9.8	< 4.9.2-14.5.1	4.9.2-14.5.1	Sep 14, 2017	The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
CVE-2017-11543	Cri	9.8	< 4.9.2-14.5.1	4.9.2-14.5.1	Jul 23, 2017	tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.
CVE-2017-11542	Cri	9.8	< 4.9.2-14.5.1	4.9.2-14.5.1	Jul 23, 2017	tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
CVE-2017-11541	Cri	9.8	< 4.9.2-14.5.1	4.9.2-14.5.1	Jul 23, 2017	tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.
CVE-2017-11108	Hig	7.5	< 4.9.2-14.5.1	4.9.2-14.5.1	Jul 8, 2017	tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.

CVE-2017-12899CriSep 14, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
CVE-2017-12898CriSep 14, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
CVE-2017-12897CriSep 14, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
CVE-2017-12896CriSep 14, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
CVE-2017-12895CriSep 14, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
CVE-2017-12894CriSep 14, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().
CVE-2017-12893CriSep 14, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
CVE-2017-11543CriJul 23, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.
CVE-2017-11542CriJul 23, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
CVE-2017-11541CriJul 23, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.
CVE-2017-11108HigJul 8, 2017
affected < 4.9.2-14.5.1fixed 4.9.2-14.5.1
tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.

Page 5 of 5