1. CVE-Search
  2. CVE-2014-8768
ID CVE-2014-8768
Summary Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:tcpdump:4.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:tcpdump:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:tcpdump:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:tcpdump:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:tcpdump:4.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:tcpdump:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:tcpdump:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:tcpdump:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:tcpdump:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:tcpdump:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:tcpdump:4.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:tcpdump:4.6.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-191
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 71155
bugtraq 20141118 CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload
confirm http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
exploit-db 35359
fulldisc 20141118 CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload
misc http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html
suse openSUSE-SU-2015:0284
ubuntu USN-2433-1
xf tpcdump-cve20148768-dos(98766)
Last major update 30-10-2018 - 16:27
Published 20-11-2014 - 17:50
Last modified 30-10-2018 - 16:27
Back to Top