#VU16161 Stack-based buffer over-read in Tcpdump

Published: 2018-11-27 | Updated: 2023-01-01

Vulnerability identifier: #VU16161

Vulnerability risk: Low


CVE-ID: CVE-2018-19519


Exploitation vector: Network

Exploit availability:

Vulnerable software:
Server applications / DLP, anti-spam, sniffers

Vendor: Tcpdump.org


The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition.

The vulnerability exists in the print_prefix function, as defined in the print-hncp.c source code file of the affected software due to insufficient initialization of the buf variable. A remote attacker can trick the victim into execution of the tcpdumpcommand on a .pcap file that submits malicious input, trigger a stack-based buffer overread and access sensitive memory information or cause a DoS condition. 

Install update from vendor's website.

Vulnerable software versions

Tcpdump: 4.9.2

Fixed software versions


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability