CVE-2015-0261 — Tcpdump vulnerability

CWE-1898 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.4%

top 19.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tcpdump Debian Tcpdump

Timeline

PublishedMar 24

Latest updateMay 14

Description

Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/tcpdump< tcpdump 4.6.2-4 (bookworm)

▶Debiantcpdump/tcpdump< 4.6.2-4+3

▶NVDtcpdump/tcpdump4.7.0

🔴Vulnerability Details

GHSA

GHSA-58ww-chv2-94cr: Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4↗2022-05-14

▶

OSV

CVE-2015-0261: Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4↗2015-03-24

▶

📋Vendor Advisories

Ubuntu

tcpdump vulnerabilities↗2015-04-27

▶

Red Hat

tcpdump: IPv6 mobility printer mobility_opt_print() typecastimg/signedness error↗2015-03-09

▶

Debian

CVE-2015-0261: tcpdump - Integer signedness error in the mobility_opt_print function in the IPv6 mobility...↗2015

▶

💬Community

Bugzilla

CVE-2015-0261 tcpdump: IPv6 mobility printer mobility_opt_print() typecastimg/signedness error↗2015-03-13

▶

Bugzilla

CVE-2015-0261 CVE-2015-2154 CVE-2015-2153 CVE-2015-2155 tcpdump: various flaws [fedora-all]↗2015-03-13

▶