Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1279 — Infinite Loop in Tcpdump

12 documents10 sources
Severity
5.0MEDIUMNVD
EPSS
56.8%
top 1.86%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
TcpdumpLBL Tcpdump
Timeline
PublishedMay 2
Latest updateMay 3

Description

tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

â–¶Debiantcpdump/tcpdump< 3.8.3-4+3
â–¶NVDlbl/tcpdump3.8.3

🔴Vulnerability Details

3
GHSA
GHSA-4cr9-2wh9-585g: tcpdump 3↗2022-05-03
â–¶
OSV
CVE-2005-1279: tcpdump 3↗2005-05-02
â–¶
CVEList
CVE-2005-1279: tcpdump 3↗2005-04-26
â–¶

💥Exploits & PoCs

2
Exploit-DB
Tcpdump 3.8.x - 'ldp_print' Infinite Loop Denial of Service↗2005-04-26
â–¶
Exploit-DB
Tcpdump 3.8.x - 'rt_routing_info' Infinite Loop Denial of Service↗2005-04-26
â–¶

📋Vendor Advisories

3
Ubuntu
tcpdump vulnerabilities↗2005-05-06
â–¶
Red Hat
security flaw↗2005-04-26
â–¶
Debian
CVE-2005-1279: tcpdump - tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (...↗2005
â–¶

💬Community

1
Bugzilla
CVE-2005-1279 security flaw↗2018-08-16
â–¶
CVE-2005-1279 — Infinite Loop in LBL Tcpdump | cvebase