CVE-2017-13031 — Out-of-bounds Read in Tcpdump
Severity
9.8CRITICALNVD
OSV7.5
EPSS
0.6%
top 30.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 14
Latest updateJan 29
Description
The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages5 packages
Patches
🔴Vulnerability Details
3📋Vendor Advisories
5Apple▶
CVE-2017-13031: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan↗2017-10-31
Red Hat▶
tcpdump: Buffer over-read in print-frag6.c:frag6_print() in IPv6 fragmentation header parser↗2017-09-13
Debian▶
CVE-2017-13031: tcpdump - The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-r...↗2017
📄Research Papers
1💬Community
2Bugzilla▶
CVE-2017-13031 tcpdump: Buffer over-read in print-frag6.c:frag6_print() in IPv6 fragmentation header parser↗2017-09-11
Bugzilla▶
CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-11544 CVE-2017-11545 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2↗2017-07-26