Tcpdump
by Tcpdump
Source repositories
CVEs (186)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1278 | 0.04 | — | 0.11 | May 2, 2005 | The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. | |||
| CVE-2005-1279 | 0.04 | — | 0.19 | May 2, 2005 | tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function. | |||
| CVE-2003-1029 | 0.04 | — | 0.10 | Feb 17, 2004 | The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. | |||
| CVE-2003-0108 | 0.04 | — | 0.11 | Mar 7, 2003 | isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop. | |||
| CVE-2000-0333 | 0.04 | — | 0.08 | May 31, 1999 | tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet. | |||
| CVE-1999-1024 | 0.03 | — | 0.03 | Nov 28, 2001 | ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet. | |||
| CVE-2018-16229 | 0.01 | — | 0.07 | Oct 3, 2019 | The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). | |||
| CVE-2015-2155 | 0.01 | — | 0.08 | Mar 24, 2015 | The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2015-0261 | 0.01 | — | 0.07 | Mar 24, 2015 | Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. | |||
| CVE-2023-1801 | 0.00 | — | 0.01 | Apr 7, 2023 | The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. | |||
| CVE-2019-15167 | 0.00 | — | 0.01 | Aug 27, 2022 | The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. | |||
| CVE-2020-8036 | 0.00 | — | 0.01 | Nov 4, 2020 | The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. | |||
| CVE-2020-8037 | 0.00 | — | 0.03 | Nov 4, 2020 | The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | |||
| CVE-2019-15166 | 0.00 | — | 0.05 | Oct 3, 2019 | lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. | |||
| CVE-2018-16452 | 0.00 | — | 0.04 | Oct 3, 2019 | The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. | |||
| CVE-2018-16451 | 0.00 | — | 0.04 | Oct 3, 2019 | The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. | |||
| CVE-2018-16301 | 0.00 | — | 0.01 | Oct 3, 2019 | The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of… | |||
| CVE-2018-16300 | 0.00 | — | 0.04 | Oct 3, 2019 | The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. | |||
| CVE-2018-16230 | 0.00 | — | 0.04 | Oct 3, 2019 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). | |||
| CVE-2018-14882 | 0.00 | — | 0.04 | Oct 3, 2019 | The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. |
- CVE-2005-1278May 2, 2005risk 0.04cvss —epss 0.11
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
- CVE-2005-1279May 2, 2005risk 0.04cvss —epss 0.19
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
- CVE-2003-1029Feb 17, 2004risk 0.04cvss —epss 0.10
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
- CVE-2003-0108Mar 7, 2003risk 0.04cvss —epss 0.11
isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.
- CVE-2000-0333May 31, 1999risk 0.04cvss —epss 0.08
tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.
- CVE-1999-1024Nov 28, 2001risk 0.03cvss —epss 0.03
ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.
- CVE-2018-16229Oct 3, 2019risk 0.01cvss —epss 0.07
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
- CVE-2015-2155Mar 24, 2015risk 0.01cvss —epss 0.08
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
- CVE-2015-0261Mar 24, 2015risk 0.01cvss —epss 0.07
Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.
- CVE-2023-1801Apr 7, 2023risk 0.00cvss —epss 0.01
The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.
- CVE-2019-15167Aug 27, 2022risk 0.00cvss —epss 0.01
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.
- CVE-2020-8036Nov 4, 2020risk 0.00cvss —epss 0.01
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
- CVE-2020-8037Nov 4, 2020risk 0.00cvss —epss 0.03
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
- CVE-2019-15166Oct 3, 2019risk 0.00cvss —epss 0.05
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
- CVE-2018-16452Oct 3, 2019risk 0.00cvss —epss 0.04
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
- CVE-2018-16451Oct 3, 2019risk 0.00cvss —epss 0.04
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
- CVE-2018-16301Oct 3, 2019risk 0.00cvss —epss 0.01
The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of…
- CVE-2018-16300Oct 3, 2019risk 0.00cvss —epss 0.04
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
- CVE-2018-16230Oct 3, 2019risk 0.00cvss —epss 0.04
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
- CVE-2018-14882Oct 3, 2019risk 0.00cvss —epss 0.04
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
Page 8 of 10