Multiple vulnerabilities in Tcpdump



Published: 2017-09-13
Risk Low
Patch available YES
Number of vulnerabilities 89
CVE-ID CVE-2017-11541
CVE-2017-11542
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
CWE-ID CWE-126
CWE-120
CWE-835
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Tcpdump
Server applications / DLP, anti-spam, sniffers

Vendor Tcpdump.org

Security Bulletin

This security bulletin contains information about 89 vulnerabilities.

1) Buffer over-read

EUVDB-ID: #VU8336

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11541

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the safeputs component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer over-read

EUVDB-ID: #VU8337

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11542

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the PIMv1 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU8330

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11543

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to boundary error in the sliplink_print function in print-sl.c. A remote attacker can send specially crafted data, trigger buffer overflow and cause the application to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer over-read

EUVDB-ID: #VU8338

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12893

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the SMB/CIFS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer over-read

EUVDB-ID: #VU8339

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12894

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the lookup_bytestring component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer over-read

EUVDB-ID: #VU8340

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12895

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ICMP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer over-read

EUVDB-ID: #VU8342

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12896

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ISAKMP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer over-read

EUVDB-ID: #VU8344

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12897

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ISO CLNS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer over-read

EUVDB-ID: #VU8345

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12898

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the NFS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer over-read

EUVDB-ID: #VU8348

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12899

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the DECnet component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer over-read

EUVDB-ID: #VU8349

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12900

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the tok2strbuf component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer over-read

EUVDB-ID: #VU8350

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12901

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the EIGRP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer over-read

EUVDB-ID: #VU8351

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12902

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the Zephyr component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer over-read

EUVDB-ID: #VU8352

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12985

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IPv6 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer over-read

EUVDB-ID: #VU8353

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12986

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IPv6 routing headers component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer over-read

EUVDB-ID: #VU8358

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12987

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IEEE 802.11 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer over-read

EUVDB-ID: #VU8360

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12988

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the telnet component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Infinite loop

EUVDB-ID: #VU8332

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12989

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the RESP component. A remote attacker can send specially crafted data and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Infinite loop

EUVDB-ID: #VU8333

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12990

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the ISAKMP component. A remote attacker can send specially crafted data and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer over-read

EUVDB-ID: #VU8361

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12991

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the BGP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer over-read

EUVDB-ID: #VU8366

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12992

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the RIPng component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer over-read

EUVDB-ID: #VU8367

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12993

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the Juniper component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer over-read

EUVDB-ID: #VU8362

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12994

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the BGP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Infinite loop

EUVDB-ID: #VU8334

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12995

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the DNS component. A remote attacker can send specially crafted data and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer over-read

EUVDB-ID: #VU8369

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12996

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the PIMv2 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Infinite loop

EUVDB-ID: #VU8335

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12997

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the LLDP component. A remote attacker can send specially crafted data and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer over-read

EUVDB-ID: #VU8370

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12998

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ISO IS-IS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer over-read

EUVDB-ID: #VU8371

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12999

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ISO IS-IS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer over-read

EUVDB-ID: #VU8375

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13000

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IEEE 802.15.4 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer over-read

EUVDB-ID: #VU8347

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13001

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the NFS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer over-read

EUVDB-ID: #VU8376

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13002

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the AODV component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer over-read

EUVDB-ID: #VU8377

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13003

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the LMP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Buffer over-read

EUVDB-ID: #VU8368

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13004

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the Juniper component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Buffer over-read

EUVDB-ID: #VU8346

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13005

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the NFS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Buffer over-read

EUVDB-ID: #VU8378

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13006

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the L2TP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Buffer over-read

EUVDB-ID: #VU8379

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13007

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the Apple PKTAP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Buffer over-read

EUVDB-ID: #VU8359

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13008

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IEEE 802.11 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Buffer over-read

EUVDB-ID: #VU8354

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13009

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IPv6 mobility component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Buffer over-read

EUVDB-ID: #VU8380

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13010

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the BEEP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Buffer overflow

EUVDB-ID: #VU8331

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13011

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to boundary error in the the bittok2str_internal component. A remote attacker can send an overly long string argument, trigger buffer overflow and cause the application to crash or possibly execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Buffer over-read

EUVDB-ID: #VU8341

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13012

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ICMP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Buffer over-read

EUVDB-ID: #VU8381

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13013

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ARP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Buffer over-read

EUVDB-ID: #VU8382

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13014

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the White Board component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Buffer over-read

EUVDB-ID: #VU8383

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13015

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the EAP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer over-read

EUVDB-ID: #VU8384

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13016

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ISO ES-IS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Buffer over-read

EUVDB-ID: #VU8386

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13017

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the DHCPv6 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer over-read

EUVDB-ID: #VU8387

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13018

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the PGM component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Buffer over-read

EUVDB-ID: #VU8388

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13019

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the PGM component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Buffer over-read

EUVDB-ID: #VU8391

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13020

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the VTP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Buffer over-read

EUVDB-ID: #VU8392

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13021

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ICMPv6 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Buffer over-read

EUVDB-ID: #VU8394

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13022

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Buffer over-read

EUVDB-ID: #VU8355

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13023

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IPv6 mobility component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Buffer over-read

EUVDB-ID: #VU8356

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13024

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IPv6 mobility component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Buffer over-read

EUVDB-ID: #VU8357

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13025

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IPv6 mobility component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Buffer over-read

EUVDB-ID: #VU8372

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13026

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ISO IS-IS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Buffer over-read

EUVDB-ID: #VU8395

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13027

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the LLDP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Buffer over-read

EUVDB-ID: #VU8397

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13028

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the BOOTP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Buffer over-read

EUVDB-ID: #VU8398

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13029

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the PPP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Buffer over-read

EUVDB-ID: #VU8399

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13030

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the PIM component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Buffer over-read

EUVDB-ID: #VU8400

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13031

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IPv6 fragmentation header component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Buffer over-read

EUVDB-ID: #VU8401

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13032

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the RADIUS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Buffer over-read

EUVDB-ID: #VU8390

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13033

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the VTP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Buffer over-read

EUVDB-ID: #VU8389

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13034

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the PGM component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Buffer over-read

EUVDB-ID: #VU8374

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13035

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ISO IS-IS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Buffer over-read

EUVDB-ID: #VU8402

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13036

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the OSPFv3 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Buffer over-read

EUVDB-ID: #VU8403

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13037

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Buffer over-read

EUVDB-ID: #VU8404

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13038

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the PPP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Buffer over-read

EUVDB-ID: #VU8343

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13039

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ISAKMP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Buffer over-read

EUVDB-ID: #VU8405

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13040

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the MPTCP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Buffer over-read

EUVDB-ID: #VU8393

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13041

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ICMPv6 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer over-read

EUVDB-ID: #VU8406

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13042

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the HNCP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Buffer over-read

EUVDB-ID: #VU8365

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13043

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the BGP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Buffer over-read

EUVDB-ID: #VU8407

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13044

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the HNCP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Buffer over-read

EUVDB-ID: #VU8408

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13045

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the VQP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Buffer over-read

EUVDB-ID: #VU8364

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13046

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the BGP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Buffer over-read

EUVDB-ID: #VU8385

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13047

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ISO ES-IS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Buffer over-read

EUVDB-ID: #VU8409

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13048

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the RSVP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Buffer over-read

EUVDB-ID: #VU8411

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13049

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the Rx component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Buffer over-read

EUVDB-ID: #VU8412

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13050

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the RPKI-Router component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Buffer over-read

EUVDB-ID: #VU8410

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13051

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the RSVP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Buffer over-read

EUVDB-ID: #VU8413

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13052

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the CFM component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Buffer over-read

EUVDB-ID: #VU8363

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13053

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the BGP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Buffer over-read

EUVDB-ID: #VU8396

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13054

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the LLDP component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Buffer over-read

EUVDB-ID: #VU8373

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13055

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the ISO IS-IS component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Buffer over-read

EUVDB-ID: #VU8414

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13687

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the Cisco HDLC component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Buffer over-read

EUVDB-ID: #VU8415

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13688

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the OLSR component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Buffer over-read

EUVDB-ID: #VU8416

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13689

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IKEv1 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Buffer over-read

EUVDB-ID: #VU8417

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13690

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IKEv2 component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Buffer over-read

EUVDB-ID: #VU8418

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13725

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the IPv6 routing headers component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation

Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

CPE2.3 External links

http://www.tcpdump.org/tcpdump-changes.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###