CVE-2014-8767

CWE-189 CWE-787 — Out-of-bounds Write11 documents9 sources

Severity

5.0MEDIUM

EPSS

6.5%

top 8.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Tcpdump

Timeline

PublishedNov 20

Latest updateMay 14

Description

Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debiantcpdump< 4.6.2-2+3

▶Ubuntutcpdump< 4.5.1-2ubuntu1.1

▶NVDredhat/tcpdump17 versions+16

🔴Vulnerability Details

GHSA

GHSA-wcfm-6f8f-6jv8: Integer underflow in the olsr_print function in tcpdump 3↗2022-05-14

▶

OSV

tcpdump vulnerabilities↗2014-12-04

▶

OSV

CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3↗2014-11-20

▶

CVEList

CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3↗2014-11-20

▶

📋Vendor Advisories

Ubuntu

tcpdump vulnerabilities↗2014-12-04

▶

Red Hat

tcpdump: denial of service in verbose mode using malformed OLSR payload↗2014-11-13

▶

Debian

CVE-2014-8767: tcpdump - Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, whe...↗2014

▶

Apple

CVE-2014-8767: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

💬Community

Bugzilla

CVE-2014-8767 tcpdump: denial of service in verbose mode using malformed OLSR payload↗2014-11-18

▶

Bugzilla

CVE-2014-8767 tcpdump: denial of service in verbose mode using malformed OLSR payload [fedora-all]↗2014-11-18

▶