cbcvebase.
CVE-2014-8768
published 2014-11-20

CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of…

PriorityP433medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
20.39%
97.2th percentile
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.

Affected

19 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiantcpdump< tcpdump 4.6.2-2 (bookworm)tcpdump 4.6.2-2 (bookworm)
opensuseopensuse
opensuseopensuse
oraclesolaris
redhattcpdump
redhattcpdump
redhattcpdump
redhattcpdump
redhattcpdump
redhattcpdump
tcpdumptcpdump>= 0 < 4.6.2-24.6.2-2
tcpdumptcpdump>= 0 < 4.6.2-24.6.2-2
tcpdumptcpdump>= 0 < 4.6.2-24.6.2-2
tcpdumptcpdump>= 0 < 4.6.2-24.6.2-2
tcpdumptcpdump>= 0 < 4.5.1-2ubuntu1.14.5.1-2ubuntu1.1

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.