Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3798 — Unchecked Return Value in Tcpdump

CWE-252 — Unchecked Return Value CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-190 — Integer Overflow or Wraparound14 documents10 sources

Severity

9.8CRITICALNVD

EPSS

72.7%

top 1.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Tcpdump Apple MAC OS X Apple MAC OS X Server +5 more

Timeline

PublishedJul 16

Latest updateMay 1

Description

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶debiandebian/tcpdump< tcpdump 3.9.5-3 (bookworm)

▶Debiantcpdump/tcpdump< 3.9.5-3+3

▶NVDtcpdump/tcpdump3.9.6

▶NVDapple/mac_os_x10.0.0 — 10.4.11

▶NVDfreebsd/freebsd5.0 — 5.5+4

Also affects: Debian Linux 3.1, 4.0, Ubuntu Linux 6.06, 6.10, 7.04

Patches

Patch: slackware.com ↗Patch: slackware.com ↗

🔴Vulnerability Details

GHSA

GHSA-cg3g-c98g-38cg: Integer overflow in print-bgp↗2022-05-01

▶

OSV

CVE-2007-3798: Integer overflow in print-bgp↗2007-07-16

▶

💥Exploits & PoCs

Exploit-DB

tcpdump - Print-bgp.C Remote Integer Underflow↗2007-03-01

▶

📋Vendor Advisories

BSD

FreeBSD-SA-07:06.tcpdump: Buffer overflow in tcpdump(1)↗2007-08-01

▶

Ubuntu

tcpdump vulnerability↗2007-07-31

▶

Red Hat

tcpdump BGP integer overflow↗2007-07-10

▶

Debian

CVE-2007-3798: tcpdump - Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlie...↗2007

▶

📐Framework References

CWE

Unchecked Return Value↗

▶

CWE

Improper Check for Unusual or Exceptional Conditions↗

▶

💬Community

Bugzilla

CVE-2007-3798 tcpdump BGP integer overflow [FC6]↗2007-07-31

▶

Bugzilla

CVE-2007-3798 tcpdump BGP integer overflow↗2007-07-31

▶

Bugzilla

CVE-2007-3798 tcpdump BGP integer overflow [Fdevel]↗2007-07-31

▶

Bugzilla

CVE-2007-3798 tcpdump BGP integer overflow [F7]↗2007-07-31

▶