Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1278Infinite Loop in Tcpdump

11 documents10 sources
Severity
5.0MEDIUMNVD
EPSS
15.4%
top 5.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
TcpdumpLBL Tcpdump
Timeline
PublishedMay 2
Latest updateMay 3

Description

The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiantcpdump/tcpdump< 3.8.3-4+3
NVDlbl/tcpdump3.9.1

🔴Vulnerability Details

3
GHSA
GHSA-24qh-5jcc-qhqq: The isis_print function, as called by isoclns_print, in tcpdump 32022-05-03
OSV
CVE-2005-1278: The isis_print function, as called by isoclns_print, in tcpdump 32005-05-02
CVEList
CVE-2005-1278: The isis_print function, as called by isoclns_print, in tcpdump 32005-04-26

💥Exploits & PoCs

1
Exploit-DB
Tcpdump 3.8.x/3.9.1 - 'isis_print' Infinite Loop Denial of Service2005-04-26

📋Vendor Advisories

3
Ubuntu
tcpdump vulnerabilities2005-05-06
Red Hat
security flaw2005-04-26
Debian
CVE-2005-1278: tcpdump - The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlie...2005

💬Community

1
Bugzilla
CVE-2005-1278 security flaw2018-08-16
CVE-2005-1278 — Infinite Loop in LBL Tcpdump | cvebase