Debian Tcpdump vulnerabilities

CVE-2016-8574 [CRITICAL] CVE-2016-8574: tcpdump - The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:fr... The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print(). Scope: local bookworm: resolved (fixed in 4.9.0-1) bullseye: resolved (fixed in 4.9.0-1) forky: resolved (fixed in 4.9.0-1) sid: resolved (fixed in 4.9.0-1) trixie: resolved (fixed in 4.9.0-1)

CVE-2016-7993 [CRITICAL] CVE-2016-7993: tcpdump - A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer... A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). Scope: local bookworm: resolved (fixed in 4.9.0-1) bullseye: resolved (fixed in 4.9.0-1) forky: resolved (fixed in 4.9.0-1) sid: resolved (fixed in 4.9.0-1) trixie: resolved (fixed in 4

CVE-2016-7983 [CRITICAL] CVE-2016-7983: tcpdump - The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:... The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). Scope: local bookworm: resolved (fixed in 4.9.0-1) bullseye: resolved (fixed in 4.9.0-1) forky: resolved (fixed in 4.9.0-1) sid: resolved (fixed in 4.9.0-1) trixie: resolved (fixed in 4.9.0-1)

CVE-2016-7923 [CRITICAL] CVE-2016-7923: tcpdump - The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_... The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). Scope: local bookworm: resolved (fixed in 4.9.0-1) bullseye: resolved (fixed in 4.9.0-1) forky: resolved (fixed in 4.9.0-1) sid: resolved (fixed in 4.9.0-1) trixie: resolved (fixed in 4.9.0-1)

CVE-2015-0261 [HIGH] CVE-2015-0261: tcpdump - Integer signedness error in the mobility_opt_print function in the IPv6 mobility... Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. Scope: local bookworm: resolved (fixed in 4.6.2-4) bullseye: resolved (fixed in 4.6.2-4) forky: resolved (fix

CVE-2015-2155 [HIGH] CVE-2015-2155: tcpdump - The force printer in tcpdump before 4.7.2 allows remote attackers to cause a den... The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Scope: local bookworm: resolved (fixed in 4.6.2-4) bullseye: resolved (fixed in 4.6.2-4) forky: resolved (fixed in 4.6.2-4) sid: resolved (fixed in 4.6.2-4) trixie: resolved (fixed in 4.6.2-4)

CVE-2015-2154 [MEDIUM] CVE-2015-2154: tcpdump - The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdu... The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. Scope: local bookworm: resolved (fixed in 4.6.2-4) bullseye: resolved (fixed in 4.6.2-4) forky: resolved (fixed in

CVE-2015-2153 [MEDIUM] CVE-2015-2153: tcpdump - The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdum... The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). Scope: local bookworm: resolved (fixed in 4.6.2-4) bullseye: resolved (fixed in 4.6.2-4) forky: resolved (fixed

CVE-2015-3138 [HIGH] CVE-2015-3138: tcpdump - print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of ... print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2014-8769 [MEDIUM] CVE-2014-8769: tcpdump - tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive infor... tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. Scope: local bookworm: resolved (fixed in 4.6.2-2) bullseye: resolved (fixed in 4.6.2-2) forky:

CVE-2014-8767 [MEDIUM] CVE-2014-8767: tcpdump - Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, whe... Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. Scope: local bookworm: resolved (fixed in 4.6.2-2) bullseye: resolved (fixed in 4.6.2-2) forky: resolved (fixed in 4.6.2-2) sid: resolved (fixed in 4.6.2-2) trixie

CVE-2014-8768 [MEDIUM] CVE-2014-8768: tcpdump - Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 throug... Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. Scope: local bookworm: resolved (fixed in 4.6.2-2) bullseye: resolved (fixed in 4.6.2-2) forky: resolved (fixed in 4.6.2-2) sid:

CVE-2014-9140 [MEDIUM] CVE-2014-9140: tcpdump - Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and ear... Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. Scope: local bookworm: resolved (fixed in 4.6.2-3) bullseye: resolved (fixed in 4.6.2-3) forky: resolved (fixed in 4.6.2-3) sid: resolved (fixed in 4.6.2-3) trixie: resolved (fixed in 4.6.2-3)

CVE-2007-3798 [CRITICAL] CVE-2007-3798: tcpdump - Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlie... Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. Scope: local bookworm: resolved (fixed in 3.9.5-3) bullseye: resolved (fixed in 3.9.5-3) forky: resolved (fixed in 3.9.5-3) sid: resolved (fixed in 3.9.5-3) trixi

CVE-2007-1218 [MEDIUM] CVE-2007-1218: tcpdump - Off-by-one buffer overflow in the parse_elements function in the 802.11 printer ... Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. Scope: local bookworm: resolved (fixed in 3.9.5-2) bullseye: reso

CVE-2005-1279 [MEDIUM] CVE-2005-1279: tcpdump - tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (... tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function. Scope: local bookworm: resolved (fixed in 3.8.3-4) bullseye: resolved (fixed in 3.8.3-4) forky: resolved (fixed in 3.

CVE-2005-1280 [MEDIUM] CVE-2005-1280: tcpdump - The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to ... The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. Scope: local bookworm: resolved (fixed in 3.8.3-4) bullseye: resolved (fixed in 3.8.3-4) forky: resolved (fixed in 3.8.3-4) sid: resolved (fixed in 3.8.3-4) trixie: resolved (fixed in 3.8.3-4)

CVE-2005-1267 [MEDIUM] CVE-2005-1267: tcpdump - The bgp_update_print function in tcpdump 3.x does not properly handle a -1 retur... The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. Scope: local bookworm: resolved (fixed in 3.9.0.cvs.20050614-1) bullseye: resolved (fixed in 3.9.0.cvs.20050614-1) forky: resolved (fixed in 3.9.

CVE-2005-1278 [MEDIUM] CVE-2005-1278: tcpdump - The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlie... The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. Scope: local bookworm: resolved (fixed in 3.8.3-4) bullseye: resolved (fixed in 3.8.3-4) forky: resolved (fixed in 3.8.3-4) sid: resolved (fixed in 3.8.3-4) trixi

CVE-2004-0057 [HIGH] CVE-2004-0057: tcpdump - The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdu... The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989. Scope: local bookworm: resolved (fixed in 3.8.3-1) bullse