CVE-2018-19519: Out-of-bounds Read in Tcpdump

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.4% (top 40.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 25
Latest update: May 13

Description

In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: tcpdump/tcpdump 4.9.2

🔴 Vulnerability Details (2)

GHSA: GHSA-7252-xx9j-xr4g: In tcpdump 4 (2022-05-13)
OSV: CVE-2018-19519: In tcpdump 4 (2018-11-25)

📋 Vendor Advisories (5)

Ubuntu: tcpdump vulnerabilities (2020-01-27)
Ubuntu: tcpdump vulnerabilities (2020-01-27)
Red Hat: tcpdump: buffer over-read in function print_prefix in print-hncp.c (2019-08-01)
Red Hat: tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (2018-12-03)
Debian: CVE-2018-19519: tcpdump - In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix func... (2018)

💬 Community (2)

Bugzilla: CVE-2019-1010220 tcpdump: buffer over-read in function print_prefix in print-hncp.c (2019-08-01)
Bugzilla: CVE-2018-19519 tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (2018-12-03)