Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1029 — Infinite Loop in Tcpdump

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

21.4%

top 4.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Tcpdump LBL Tcpdump

Timeline

PublishedFeb 17

Latest updateApr 29

Description

The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiantcpdump/tcpdump< 3.8.3-1+3

▶NVDlbl/tcpdump6 versions+5

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-3h9x-q7vx-j2wh: The L2TP protocol parser in tcpdump 3↗2022-04-29

▶

OSV

CVE-2003-1029: The L2TP protocol parser in tcpdump 3↗2004-02-17

▶

CVEList

CVE-2003-1029: The L2TP protocol parser in tcpdump 3↗2004-01-15

▶

💥Exploits & PoCs

Exploit-DB

Tcpdump 3.x - L2TP Parser Remote Denial of Service↗2003-12-20

▶

📋Vendor Advisories

Debian

CVE-2003-1029: tcpdump - The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to...↗2003

▶