CVE-2007-1218 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tcpdump

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-18910 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

20.3%

top 4.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tcpdump Debian Tcpdump

Timeline

PublishedMar 2

Latest updateMay 1

Description

Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/tcpdump< tcpdump 3.9.5-2 (bookworm)

▶Debiantcpdump/tcpdump< 3.9.5-2+3

▶NVDtcpdump/tcpdump3.9.5

🔴Vulnerability Details

GHSA

GHSA-r3xv-hqxp-h6pv: Off-by-one buffer overflow in the parse_elements function in the 802↗2022-05-01

▶

OSV

CVE-2007-1218: Off-by-one buffer overflow in the parse_elements function in the 802↗2007-03-02

▶

📋Vendor Advisories

Ubuntu

tcpdump vulnerability↗2007-03-06

▶

Red Hat

tcpdump denial of service↗2007-03-01

▶

Debian

CVE-2007-1218: tcpdump - Off-by-one buffer overflow in the parse_elements function in the 802.11 printer ...↗2007

▶

💬Community

Bugzilla

CVE-2007-1218 tcpdump denial of service↗2007-03-15

▶

Bugzilla

CVE-2007-1218 tcpdump denial of service↗2007-03-15

▶

Bugzilla

CVE-2007-1218 tcpdump denial of service↗2007-03-14

▶

Bugzilla

CVE-2007-1218 tcpdump denial of service↗2007-03-14

▶