Severity: 6.4 MEDIUM
EPSS: 3.1% (top 13.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 20
Latest update: May 14

Description

tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.

CVSS vector

AV:N/AC:L/C:P/I:N/A:P
Exploitability: 10.0 | Impact: 4.9

Affected Packages (2 packages)

Debian: tcpdump < 4.6.2-2 +3
NVD: redhat/tcpdump, 23 versions +22

🔴 Vulnerability Details (3)

GHSA: GHSA-rfvv-px5p-7fmg: tcpdump 3 (2022-05-14)
OSV: CVE-2014-8769: tcpdump 3 (2014-11-20)
CVEList: CVE-2014-8769: tcpdump 3 (2014-11-20)

📋 Vendor Advisories (4)

Ubuntu: tcpdump vulnerabilities (2014-12-04)
Red Hat: tcpdump: unreliable output using malformed AOVD payload (2014-11-13)
Debian: CVE-2014-8769: tcpdump - tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive infor... (2014)
Apple: CVE-2014-8769: OS X Yosemite v10.10.5 and Security Update 2015-006

💬 Community (2)

Bugzilla: CVE-2014-8769 tcpdump: unreliable output using malformed AOVD payload (2014-11-18)
Bugzilla: CVE-2014-8769 tcpdump: unreliable output using malformed AOVD payload [fedora-all] (2014-11-18)