Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1024 — Infinite Loop in Tcpdump

17 documents4 sources

Severity

7.5HIGHNVD

EPSS

7.9%

top 7.97%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

LBL Tcpdump

Timeline

PublishedNov 28

Latest updateApr 30

Description

ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDlbl/tcpdump3.4

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-4xf9-whrj-cqwc: ip_print procedure in Tcpdump 3↗2022-04-30

▶

CVEList

CVE-1999-1024: ip_print procedure in Tcpdump 3↗2001-09-12

▶

💥Exploits & PoCs

Exploit-DB

BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow↗2011-08-10

▶

Exploit-DB

The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit)↗2010-07-03

▶

Exploit-DB

Solaris 2.3/2.4/2.5/2.5.1/2.6/7.0 snoop - 'print_domain_name' Remote Buffer Overflow↗1999-12-07

▶

Exploit-DB

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include↗1999-11-05

▶

Exploit-DB

IBM Websphere 2.0/3.0 - ikeyman Weak Encrypted Password↗1999-10-24

▶