Vendor CVEs
Tcpdump
All CVEs
195 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5202 | Cri | 0.64 | 9.8 | 0.04 | Jan 28, 2017 | The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). | ||
| CVE-2016-8575 | Cri | 0.64 | 9.8 | 0.06 | Jan 28, 2017 | The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482. | ||
| CVE-2016-8574 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print(). | ||
| CVE-2016-7993 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). | ||
| CVE-2016-7992 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print(). | ||
| CVE-2016-7986 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. | ||
| CVE-2016-7985 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print(). | ||
| CVE-2016-7984 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print(). | ||
| CVE-2016-7983 | Cri | 0.64 | 9.8 | 0.04 | Jan 28, 2017 | The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). | ||
| CVE-2016-7975 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print(). | ||
| CVE-2016-7974 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions. | ||
| CVE-2016-7973 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions. | ||
| CVE-2016-7940 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions. | ||
| CVE-2016-7939 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions. | ||
| CVE-2016-7938 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). | ||
| CVE-2016-7937 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). | ||
| CVE-2016-7936 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). | ||
| CVE-2016-7935 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). | ||
| CVE-2016-7934 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). | ||
| CVE-2016-7933 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print(). | ||
| CVE-2016-7932 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum(). | ||
| CVE-2016-7931 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print(). | ||
| CVE-2016-7930 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print(). | ||
| CVE-2016-7929 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header(). | ||
| CVE-2016-7928 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print(). | ||
| CVE-2016-7927 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print(). | ||
| CVE-2016-7926 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print(). | ||
| CVE-2016-7925 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print(). | ||
| CVE-2016-7924 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print(). | ||
| CVE-2016-7923 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). | ||
| CVE-2016-7922 | Cri | 0.64 | 9.8 | 0.03 | Jan 28, 2017 | The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print(). | ||
| CVE-2017-12989 | Hig | 0.49 | 7.5 | 0.02 | Sep 14, 2017 | The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). | ||
| CVE-2017-11108 | Hig | 0.49 | 7.5 | 0.05 | Jul 8, 2017 | tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. | ||
| CVE-2015-3138 | Hig | 0.42 | 7.5 | 0.02 | Sep 28, 2017 | print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). | ||
| CVE-2017-16808 | Med | 0.36 | 5.5 | 0.03 | Nov 13, 2017 | tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. | ||
| CVE-2024-2397 | Med | 0.33 | 6.2 | 0.00 | Apr 12, 2024 | Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21. | ||
| CVE-2004-0184 | 0.08 | — | 0.60 | May 4, 2004 | Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an… | |||
| CVE-2025-11964 | Low | 0.05 | 1.9 | 0.00 | Dec 31, 2025 | On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer. | ||
| CVE-2025-11961 | Low | 0.05 | 1.9 | 0.00 | Dec 31, 2025 | pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an… | ||
| CVE-2015-2153 | 0.05 | — | 0.19 | Mar 24, 2015 | The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). | |||
| CVE-2014-8768 | 0.05 | — | 0.20 | Nov 20, 2014 | Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. | |||
| CVE-2005-1267 | 0.04 | — | 0.14 | Jun 10, 2005 | The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. | |||
| CVE-2005-1279 | 0.04 | — | 0.19 | May 2, 2005 | tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function. | |||
| CVE-2005-1278 | 0.04 | — | 0.11 | May 2, 2005 | The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. | |||
| CVE-2005-1280 | 0.04 | — | 0.10 | May 2, 2005 | The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. | |||
| CVE-2003-1029 | 0.04 | — | 0.10 | Feb 17, 2004 | The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. | |||
| CVE-2003-0108 | 0.04 | — | 0.11 | Mar 7, 2003 | isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop. | |||
| CVE-2000-0333 | 0.04 | — | 0.08 | May 31, 1999 | tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet. | |||
| CVE-1999-1024 | 0.03 | — | 0.03 | Nov 28, 2001 | ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet. | |||
| CVE-2018-16229 | 0.01 | — | 0.07 | Oct 3, 2019 | The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). |
- risk 0.64cvss 9.8epss 0.04
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
- risk 0.64cvss 9.8epss 0.06
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.
- risk 0.64cvss 9.8epss 0.03
The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
- risk 0.64cvss 9.8epss 0.03
A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).
- risk 0.64cvss 9.8epss 0.03
The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().
- risk 0.64cvss 9.8epss 0.03
The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.
- risk 0.64cvss 9.8epss 0.03
The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
- risk 0.64cvss 9.8epss 0.03
The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
- risk 0.64cvss 9.8epss 0.04
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
- risk 0.64cvss 9.8epss 0.03
The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
- risk 0.64cvss 9.8epss 0.03
The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
- risk 0.64cvss 9.8epss 0.03
The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
- risk 0.64cvss 9.8epss 0.03
The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
- risk 0.64cvss 9.8epss 0.03
The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
- risk 0.64cvss 9.8epss 0.03
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
- risk 0.64cvss 9.8epss 0.03
The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().
- risk 0.64cvss 9.8epss 0.03
The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().
- risk 0.64cvss 9.8epss 0.03
The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().
- risk 0.64cvss 9.8epss 0.03
The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().
- risk 0.64cvss 9.8epss 0.03
The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
- risk 0.64cvss 9.8epss 0.03
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
- risk 0.64cvss 9.8epss 0.03
The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
- risk 0.64cvss 9.8epss 0.03
The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
- risk 0.64cvss 9.8epss 0.03
The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().
- risk 0.64cvss 9.8epss 0.03
The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
- risk 0.64cvss 9.8epss 0.03
The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().
- risk 0.64cvss 9.8epss 0.03
The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
- risk 0.64cvss 9.8epss 0.03
The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
- risk 0.64cvss 9.8epss 0.03
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().
- risk 0.64cvss 9.8epss 0.03
The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().
- risk 0.64cvss 9.8epss 0.03
The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().
- risk 0.49cvss 7.5epss 0.02
The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length().
- risk 0.49cvss 7.5epss 0.05
tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.
- risk 0.42cvss 7.5epss 0.02
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
- risk 0.36cvss 5.5epss 0.03
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
- risk 0.33cvss 6.2epss 0.00
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.
- CVE-2004-0184May 4, 2004risk 0.08cvss —epss 0.60
Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an…
- risk 0.05cvss 1.9epss 0.00
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.
- risk 0.05cvss 1.9epss 0.00
pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an…
- CVE-2015-2153Mar 24, 2015risk 0.05cvss —epss 0.19
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).
- CVE-2014-8768Nov 20, 2014risk 0.05cvss —epss 0.20
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
- CVE-2005-1267Jun 10, 2005risk 0.04cvss —epss 0.14
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
- CVE-2005-1279May 2, 2005risk 0.04cvss —epss 0.19
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
- CVE-2005-1278May 2, 2005risk 0.04cvss —epss 0.11
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
- CVE-2005-1280May 2, 2005risk 0.04cvss —epss 0.10
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
- CVE-2003-1029Feb 17, 2004risk 0.04cvss —epss 0.10
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
- CVE-2003-0108Mar 7, 2003risk 0.04cvss —epss 0.11
isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.
- CVE-2000-0333May 31, 1999risk 0.04cvss —epss 0.08
tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.
- CVE-1999-1024Nov 28, 2001risk 0.03cvss —epss 0.03
ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.
- CVE-2018-16229Oct 3, 2019risk 0.01cvss —epss 0.07
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
Page 3 of 4