Tcpdump
by Lbl
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1267 | 0.04 | — | 0.14 | Jun 10, 2005 | The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. | |||
| CVE-2005-1280 | 0.04 | — | 0.10 | May 2, 2005 | The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. | |||
| CVE-2005-1279 | 0.04 | — | 0.19 | May 2, 2005 | tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function. | |||
| CVE-2005-1278 | 0.04 | — | 0.11 | May 2, 2005 | The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. | |||
| CVE-2003-1029 | 0.04 | — | 0.10 | Feb 17, 2004 | The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. | |||
| CVE-2003-0108 | 0.04 | — | 0.11 | Mar 7, 2003 | isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop. | |||
| CVE-2000-0333 | 0.04 | — | 0.08 | May 31, 1999 | tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet. | |||
| CVE-1999-1024 | 0.03 | — | 0.03 | Nov 28, 2001 | ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet. | |||
| CVE-2000-1026 | 0.03 | — | 0.06 | Dec 11, 2000 | Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands. | |||
| CVE-2004-0055 | 0.00 | — | 0.04 | Feb 17, 2004 | The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value. | |||
| CVE-2004-0057 | 0.00 | — | 0.05 | Feb 17, 2004 | The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different… | |||
| CVE-2003-0145 | 0.00 | — | 0.02 | Mar 31, 2003 | Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093. | |||
| CVE-2003-0093 | 0.00 | — | 0.02 | Mar 3, 2003 | The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop. | |||
| CVE-2002-1350 | 0.00 | — | 0.02 | Dec 23, 2002 | The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash). | |||
| CVE-2002-0380 | 0.00 | — | 0.05 | Jun 18, 2002 | Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet. | |||
| CVE-2001-1279 | 0.00 | — | 0.05 | Jul 17, 2001 | Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. |
- CVE-2005-1267Jun 10, 2005risk 0.04cvss —epss 0.14
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
- CVE-2005-1280May 2, 2005risk 0.04cvss —epss 0.10
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
- CVE-2005-1279May 2, 2005risk 0.04cvss —epss 0.19
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
- CVE-2005-1278May 2, 2005risk 0.04cvss —epss 0.11
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
- CVE-2003-1029Feb 17, 2004risk 0.04cvss —epss 0.10
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
- CVE-2003-0108Mar 7, 2003risk 0.04cvss —epss 0.11
isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.
- CVE-2000-0333May 31, 1999risk 0.04cvss —epss 0.08
tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.
- CVE-1999-1024Nov 28, 2001risk 0.03cvss —epss 0.03
ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.
- CVE-2000-1026Dec 11, 2000risk 0.03cvss —epss 0.06
Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.
- CVE-2004-0055Feb 17, 2004risk 0.00cvss —epss 0.04
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.
- CVE-2004-0057Feb 17, 2004risk 0.00cvss —epss 0.05
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different…
- CVE-2003-0145Mar 31, 2003risk 0.00cvss —epss 0.02
Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.
- CVE-2003-0093Mar 3, 2003risk 0.00cvss —epss 0.02
The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.
- CVE-2002-1350Dec 23, 2002risk 0.00cvss —epss 0.02
The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).
- CVE-2002-0380Jun 18, 2002risk 0.00cvss —epss 0.05
Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet.
- CVE-2001-1279Jul 17, 2001risk 0.00cvss —epss 0.05
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.