Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-14462 (GCVE-0-2018-14462)
Vulnerability from cvelistv5 – Published: 2019-10-03 15:11 – Updated: 2025-12-03 21:03
VLAI?
EPSS
Summary
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
16 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3"
},
{
"name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
},
{
"name": "openSUSE-SU-2019:2344",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
},
{
"name": "openSUSE-SU-2019:2348",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
},
{
"name": "20191021 [SECURITY] [DSA 4547-1] tcpdump security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Oct/28"
},
{
"name": "DSA-4547",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4547"
},
{
"name": "FEDORA-2019-85d92df70f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"
},
{
"name": "FEDORA-2019-d06bc63433",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"
},
{
"name": "FEDORA-2019-6db0d5b9d9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210788"
},
{
"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200120-0001/"
},
{
"name": "USN-4252-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4252-2/"
},
{
"name": "USN-4252-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4252-1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-14462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:03:12.714645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:03:17.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print()."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T03:06:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3"
},
{
"name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
},
{
"name": "openSUSE-SU-2019:2344",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
},
{
"name": "openSUSE-SU-2019:2348",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
},
{
"name": "20191021 [SECURITY] [DSA 4547-1] tcpdump security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Oct/28"
},
{
"name": "DSA-4547",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4547"
},
{
"name": "FEDORA-2019-85d92df70f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"
},
{
"name": "FEDORA-2019-d06bc63433",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"
},
{
"name": "FEDORA-2019-6db0d5b9d9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210788"
},
{
"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200120-0001/"
},
{
"name": "USN-4252-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4252-2/"
},
{
"name": "USN-4252-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4252-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES",
"refsource": "MISC",
"url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3"
},
{
"name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
},
{
"name": "openSUSE-SU-2019:2344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
},
{
"name": "openSUSE-SU-2019:2348",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
},
{
"name": "20191021 [SECURITY] [DSA 4547-1] tcpdump security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Oct/28"
},
{
"name": "DSA-4547",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4547"
},
{
"name": "FEDORA-2019-85d92df70f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"
},
{
"name": "FEDORA-2019-d06bc63433",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"
},
{
"name": "FEDORA-2019-6db0d5b9d9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"
},
{
"name": "https://support.apple.com/kb/HT210788",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210788"
},
{
"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200120-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200120-0001/"
},
{
"name": "USN-4252-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4252-2/"
},
{
"name": "USN-4252-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4252-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14462",
"datePublished": "2019-10-03T15:11:19.000Z",
"dateReserved": "2018-07-20T00:00:00.000Z",
"dateUpdated": "2025-12-03T21:03:17.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-14462",
"date": "2026-05-19",
"epss": "0.00519",
"percentile": "0.67008"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.9.3\", \"matchCriteriaId\": \"CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndIncluding\": \"5.1.0\", \"matchCriteriaId\": \"4E52F91D-3F39-4D89-8069-EC422FB1F700\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.9.3\", \"matchCriteriaId\": \"CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.15.2\", \"matchCriteriaId\": \"F15588EA-D854-4694-97C6-53D9AA8B6F2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\"}, {\"lang\": \"es\", \"value\": \"El analizador ICMP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del b\\u00fafer en print-icmp.c:icmp_print().\"}]",
"id": "CVE-2018-14462",
"lastModified": "2024-11-21T03:49:07.383",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-10-03T16:15:11.490",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Dec/26\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/23\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/28\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200120-0001/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/kb/HT210788\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4252-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4252-2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4547\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Dec/26\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/23\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/28\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200120-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT210788\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4252-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4252-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4547\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-14462\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-03T16:15:11.490\",\"lastModified\":\"2025-12-03T21:15:49.143\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\"},{\"lang\":\"es\",\"value\":\"El analizador ICMP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del b\u00fafer en print-icmp.c:icmp_print().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9.3\",\"matchCriteriaId\":\"CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"5.1.0\",\"matchCriteriaId\":\"4E52F91D-3F39-4D89-8069-EC422FB1F700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9.3\",\"matchCriteriaId\":\"CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.15.2\",\"matchCriteriaId\":\"F15588EA-D854-4694-97C6-53D9AA8B6F2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Dec/26\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/23\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/28\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200120-0001/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/kb/HT210788\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4252-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4252-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4547\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Dec/26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200120-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT210788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4252-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4252-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\", \"name\": \"[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\", \"name\": \"openSUSE-SU-2019:2344\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\", \"name\": \"openSUSE-SU-2019:2348\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/28\", \"name\": \"20191021 [SECURITY] [DSA 4547-1] tcpdump security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4547\", \"name\": \"DSA-4547\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\", \"name\": \"FEDORA-2019-85d92df70f\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\", \"name\": \"FEDORA-2019-d06bc63433\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\", \"name\": \"FEDORA-2019-6db0d5b9d9\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT210788\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/23\", \"name\": \"20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Dec/26\", \"name\": \"20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200120-0001/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4252-2/\", \"name\": \"USN-4252-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4252-1/\", \"name\": \"USN-4252-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T09:29:51.278Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-14462\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-03T21:03:12.714645Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-03T20:58:45.384Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\", \"name\": \"[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\", \"name\": \"openSUSE-SU-2019:2344\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\", \"name\": \"openSUSE-SU-2019:2348\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/28\", \"name\": \"20191021 [SECURITY] [DSA 4547-1] tcpdump security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4547\", \"name\": \"DSA-4547\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\", \"name\": \"FEDORA-2019-85d92df70f\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\", \"name\": \"FEDORA-2019-d06bc63433\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\", \"name\": \"FEDORA-2019-6db0d5b9d9\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://support.apple.com/kb/HT210788\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/23\", \"name\": \"20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Dec/26\", \"name\": \"20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200120-0001/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://usn.ubuntu.com/4252-2/\", \"name\": \"USN-4252-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://usn.ubuntu.com/4252-1/\", \"name\": \"USN-4252-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2020-02-05T03:06:19.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\", \"name\": \"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3\", \"name\": \"https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\", \"name\": \"[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update\", \"refsource\": \"MLIST\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\", \"name\": \"openSUSE-SU-2019:2344\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\", \"name\": \"openSUSE-SU-2019:2348\", \"refsource\": \"SUSE\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/28\", \"name\": \"20191021 [SECURITY] [DSA 4547-1] tcpdump security update\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4547\", \"name\": \"DSA-4547\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\", \"name\": \"FEDORA-2019-85d92df70f\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\", \"name\": \"FEDORA-2019-d06bc63433\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\", \"name\": \"FEDORA-2019-6db0d5b9d9\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://support.apple.com/kb/HT210788\", \"name\": \"https://support.apple.com/kb/HT210788\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/23\", \"name\": \"20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Dec/26\", \"name\": \"20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\", \"refsource\": \"FULLDISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200120-0001/\", \"name\": \"https://security.netapp.com/advisory/ntap-20200120-0001/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://usn.ubuntu.com/4252-2/\", \"name\": \"USN-4252-2\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://usn.ubuntu.com/4252-1/\", \"name\": \"USN-4252-1\", \"refsource\": \"UBUNTU\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-14462\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2018-14462\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T21:03:17.761Z\", \"dateReserved\": \"2018-07-20T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2019-10-03T15:11:19.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2019-AVI-620
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | iOS versions 13.x antérieures à 13.3 | ||
| Apple | N/A | Xcode versions antérieures à 11.3 | ||
| Apple | N/A | watchOS versions 5.x antérieures à 5.3.4 | ||
| Apple | N/A | Mojave sans le correctif de sécurité 2019-002 | ||
| Apple | N/A | watchOS versions 6.x antérieures à 6.1.1 | ||
| Apple | N/A | tvOS versions antérieures à 13.3 | ||
| Apple | N/A | High Sierra sans le correctif de sécurité 2019-007 | ||
| Apple | N/A | iPadOS versions antérieures à 13.3 | ||
| Apple | Safari | Safari versions antérieures à 13.0.4 | ||
| Apple | macOS | macOS Catalina versions antérieures à 10.15.2 | ||
| Apple | N/A | iOS versions 12.x antérieures à 12.4.4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions 13.x ant\u00e9rieures \u00e0 13.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 11.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions 5.x ant\u00e9rieures \u00e0 5.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mojave sans le correctif de s\u00e9curit\u00e9 2019-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions 6.x ant\u00e9rieures \u00e0 6.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 13.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "High Sierra sans le correctif de s\u00e9curit\u00e9 2019-007",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 13.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 13.0.4",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 12.x ant\u00e9rieures \u00e0 12.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-14463",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14463"
},
{
"name": "CVE-2019-8847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8847"
},
{
"name": "CVE-2018-14468",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14468"
},
{
"name": "CVE-2018-16451",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16451"
},
{
"name": "CVE-2015-1545",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1545"
},
{
"name": "CVE-2012-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2668"
},
{
"name": "CVE-2012-1164",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1164"
},
{
"name": "CVE-2018-14881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14881"
},
{
"name": "CVE-2017-16808",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16808"
},
{
"name": "CVE-2019-13057",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13057"
},
{
"name": "CVE-2019-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8840"
},
{
"name": "CVE-2019-8835",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8835"
},
{
"name": "CVE-2018-16227",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16227"
},
{
"name": "CVE-2019-15165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15165"
},
{
"name": "CVE-2019-8832",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8832"
},
{
"name": "CVE-2019-8844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8844"
},
{
"name": "CVE-2019-8857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8857"
},
{
"name": "CVE-2019-8841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8841"
},
{
"name": "CVE-2019-8837",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8837"
},
{
"name": "CVE-2018-16228",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16228"
},
{
"name": "CVE-2019-15164",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15164"
},
{
"name": "CVE-2019-8852",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8852"
},
{
"name": "CVE-2019-8839",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8839"
},
{
"name": "CVE-2018-14465",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14465"
},
{
"name": "CVE-2019-15162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15162"
},
{
"name": "CVE-2018-10103",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10103"
},
{
"name": "CVE-2018-14880",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14880"
},
{
"name": "CVE-2019-15161",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15161"
},
{
"name": "CVE-2018-14470",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14470"
},
{
"name": "CVE-2019-8856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8856"
},
{
"name": "CVE-2018-14469",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14469"
},
{
"name": "CVE-2018-14879",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14879"
},
{
"name": "CVE-2019-8853",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8853"
},
{
"name": "CVE-2013-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
},
{
"name": "CVE-2018-10105",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10105"
},
{
"name": "CVE-2018-14466",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14466"
},
{
"name": "CVE-2019-8830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8830"
},
{
"name": "CVE-2019-8833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8833"
},
{
"name": "CVE-2019-15163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15163"
},
{
"name": "CVE-2018-16301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16301"
},
{
"name": "CVE-2018-16230",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16230"
},
{
"name": "CVE-2018-16452",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16452"
},
{
"name": "CVE-2019-8848",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8848"
},
{
"name": "CVE-2019-8842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8842"
},
{
"name": "CVE-2018-14464",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14464"
},
{
"name": "CVE-2018-14462",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14462"
},
{
"name": "CVE-2019-8838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8838"
},
{
"name": "CVE-2019-15166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15166"
},
{
"name": "CVE-2018-14461",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14461"
},
{
"name": "CVE-2019-8828",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8828"
},
{
"name": "CVE-2018-14467",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14467"
},
{
"name": "CVE-2019-13565",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13565"
},
{
"name": "CVE-2019-8846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8846"
},
{
"name": "CVE-2018-14882",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14882"
},
{
"name": "CVE-2019-15167",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15167"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2018-16229",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16229"
},
{
"name": "CVE-2018-16300",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16300"
},
{
"name": "CVE-2019-8836",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8836"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-620",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210792 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210792"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210789 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210789"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210787 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210787"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210785 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210785"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210796 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210796"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210791 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210791"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210790 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210790"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210788 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210788"
}
]
}
CERTFR-2019-AVI-620
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | iOS versions 13.x antérieures à 13.3 | ||
| Apple | N/A | Xcode versions antérieures à 11.3 | ||
| Apple | N/A | watchOS versions 5.x antérieures à 5.3.4 | ||
| Apple | N/A | Mojave sans le correctif de sécurité 2019-002 | ||
| Apple | N/A | watchOS versions 6.x antérieures à 6.1.1 | ||
| Apple | N/A | tvOS versions antérieures à 13.3 | ||
| Apple | N/A | High Sierra sans le correctif de sécurité 2019-007 | ||
| Apple | N/A | iPadOS versions antérieures à 13.3 | ||
| Apple | Safari | Safari versions antérieures à 13.0.4 | ||
| Apple | macOS | macOS Catalina versions antérieures à 10.15.2 | ||
| Apple | N/A | iOS versions 12.x antérieures à 12.4.4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions 13.x ant\u00e9rieures \u00e0 13.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 11.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions 5.x ant\u00e9rieures \u00e0 5.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mojave sans le correctif de s\u00e9curit\u00e9 2019-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions 6.x ant\u00e9rieures \u00e0 6.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 13.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "High Sierra sans le correctif de s\u00e9curit\u00e9 2019-007",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 13.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 13.0.4",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 12.x ant\u00e9rieures \u00e0 12.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-14463",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14463"
},
{
"name": "CVE-2019-8847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8847"
},
{
"name": "CVE-2018-14468",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14468"
},
{
"name": "CVE-2018-16451",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16451"
},
{
"name": "CVE-2015-1545",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1545"
},
{
"name": "CVE-2012-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2668"
},
{
"name": "CVE-2012-1164",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1164"
},
{
"name": "CVE-2018-14881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14881"
},
{
"name": "CVE-2017-16808",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16808"
},
{
"name": "CVE-2019-13057",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13057"
},
{
"name": "CVE-2019-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8840"
},
{
"name": "CVE-2019-8835",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8835"
},
{
"name": "CVE-2018-16227",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16227"
},
{
"name": "CVE-2019-15165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15165"
},
{
"name": "CVE-2019-8832",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8832"
},
{
"name": "CVE-2019-8844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8844"
},
{
"name": "CVE-2019-8857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8857"
},
{
"name": "CVE-2019-8841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8841"
},
{
"name": "CVE-2019-8837",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8837"
},
{
"name": "CVE-2018-16228",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16228"
},
{
"name": "CVE-2019-15164",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15164"
},
{
"name": "CVE-2019-8852",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8852"
},
{
"name": "CVE-2019-8839",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8839"
},
{
"name": "CVE-2018-14465",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14465"
},
{
"name": "CVE-2019-15162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15162"
},
{
"name": "CVE-2018-10103",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10103"
},
{
"name": "CVE-2018-14880",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14880"
},
{
"name": "CVE-2019-15161",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15161"
},
{
"name": "CVE-2018-14470",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14470"
},
{
"name": "CVE-2019-8856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8856"
},
{
"name": "CVE-2018-14469",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14469"
},
{
"name": "CVE-2018-14879",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14879"
},
{
"name": "CVE-2019-8853",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8853"
},
{
"name": "CVE-2013-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
},
{
"name": "CVE-2018-10105",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10105"
},
{
"name": "CVE-2018-14466",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14466"
},
{
"name": "CVE-2019-8830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8830"
},
{
"name": "CVE-2019-8833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8833"
},
{
"name": "CVE-2019-15163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15163"
},
{
"name": "CVE-2018-16301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16301"
},
{
"name": "CVE-2018-16230",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16230"
},
{
"name": "CVE-2018-16452",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16452"
},
{
"name": "CVE-2019-8848",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8848"
},
{
"name": "CVE-2019-8842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8842"
},
{
"name": "CVE-2018-14464",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14464"
},
{
"name": "CVE-2018-14462",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14462"
},
{
"name": "CVE-2019-8838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8838"
},
{
"name": "CVE-2019-15166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15166"
},
{
"name": "CVE-2018-14461",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14461"
},
{
"name": "CVE-2019-8828",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8828"
},
{
"name": "CVE-2018-14467",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14467"
},
{
"name": "CVE-2019-13565",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13565"
},
{
"name": "CVE-2019-8846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8846"
},
{
"name": "CVE-2018-14882",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14882"
},
{
"name": "CVE-2019-15167",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15167"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2018-16229",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16229"
},
{
"name": "CVE-2018-16300",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16300"
},
{
"name": "CVE-2019-8836",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8836"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-620",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210792 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210792"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210789 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210789"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210787 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210787"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210785 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210785"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210796 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210796"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210791 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210791"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210790 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210790"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT210788 du 10 d\u00e9cembre 2019",
"url": "https://support.apple.com/en-us/HT210788"
}
]
}
BDU:2019-04649
Vulnerability from fstec - Published: 08.10.2017
VLAI Severity ?
Title
Уязвимость функции print-icmp.c:icmp_print() утилиты для перехвата и анализа сетевого трафика tcpdump, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
Description
Уязвимость функции print-icmp.c:icmp_print() утилиты для перехвата и анализа сетевого трафика tcpdump связана с чтением за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к информации и нарушить ее целостность и доступность
Severity ?
Vendor
ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, The Tcpdump team
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, tcpdump
Software Version
1.5 «Смоленск» (Astra Linux Special Edition), 9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), до 4.9.3 (tcpdump)
Possible Mitigations
Использование рекомендаций:
Для tcpdump:
Обновление программного обеспечения до 4.9.3 или более поздней версии
Для Debian:
Обновление программного обеспечения (пакета tcpdump) до 4.9.3-1~deb9u1 или более поздней версии
Для Astra Linux:
Обновление программного обеспечения (пакета tcpdump) до 4.9.3-1~deb9u1 или более поздней версии
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-14462
https://security-tracker.debian.org/tracker/CVE-2018-14462
https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, The Tcpdump team",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u0434\u043e 4.9.3 (tcpdump)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f tcpdump:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 4.9.3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 tcpdump) \u0434\u043e 4.9.3-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 tcpdump) \u0434\u043e 4.9.3-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.10.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.10.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.12.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04649",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-14462",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, tcpdump",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 print-icmp.c:icmp_print() \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 tcpdump, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0435\u0435 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 print-icmp.c:icmp_print() \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 tcpdump \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0435\u0435 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2018-14462\nhttps://security-tracker.debian.org/tracker/CVE-2018-14462\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
BDU:2020-04919
Vulnerability from fstec - Published: 03.10.2019
VLAI Severity ?
Title
Уязвимость функции icmp_print() утилиты для перехвата и анализа сетевого трафика tcpdump, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции icmp_print() (print-icmp.c) утилиты для перехвата и анализа сетевого трафика tcpdump связана с чтением за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании
Severity ?
Vendor
ООО «РусБИТех-Астра», Canonical Ltd., Сообщество свободного программного обеспечения, Fedora Project, Red Hat Inc., Novell Inc., The Tcpdump team
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Ubuntu, Debian GNU/Linux, Fedora, Red Hat Enterprise Linux, SUSE Linux Enterprise Module for Basesystem, OpenSUSE Leap, SUSE Linux Enterprise Point of Sale, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, tcpdump, SUSE Linux Enterprise High Performance Computing
Software Version
1.5 «Смоленск» (Astra Linux Special Edition), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 29 (Fedora), 12.04 ESM (Ubuntu), 8 (Red Hat Enterprise Linux), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15.0 (OpenSUSE Leap), 11 SP3 (SUSE Linux Enterprise Point of Sale), 15.1 (OpenSUSE Leap), 11 SP4-LTSS (Suse Linux Enterprise Server), 11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications), 30 (Fedora), 14.04 ESM (Ubuntu), 12 SP5 (Suse Linux Enterprise Server), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 31 (Fedora), до 4.9.3 (tcpdump), 12 SP5 (SUSE Linux Enterprise High Performance Computing)
Possible Mitigations
Использование рекомендаций:
Для tcpdump:
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3
Для Astra Linux:
Обновление программного обеспечения (пакета tcpdump) до 4.9.3-1~deb9u1 или более поздней версии
Для Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2018-14462
Для Ubuntu:
https://usn.ubuntu.com/4252-1/
https://usn.ubuntu.com/4252-2/
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2018-14462/
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
Для Debian GNU/Linux:
https://www.debian.org/security/2019/dsa-4547
https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
Reference
https://www.suse.com/security/cve/CVE-2018-14462/
https://nvd.nist.gov/vuln/detail/CVE-2018-14462
https://usn.ubuntu.com/4252-1/
https://usn.ubuntu.com/4252-2/
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
https://www.debian.org/security/2019/dsa-4547
https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3
https://access.redhat.com/security/cve/CVE-2018-14462
https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, Red Hat Inc., Novell Inc., The Tcpdump team",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 29 (Fedora), 12.04 ESM (Ubuntu), 8 (Red Hat Enterprise Linux), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15.0 (OpenSUSE Leap), 11 SP3 (SUSE Linux Enterprise Point of Sale), 15.1 (OpenSUSE Leap), 11 SP4-LTSS (Suse Linux Enterprise Server), 11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications), 30 (Fedora), 14.04 ESM (Ubuntu), 12 SP5 (Suse Linux Enterprise Server), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 31 (Fedora), \u0434\u043e 4.9.3 (tcpdump), 12 SP5 (SUSE Linux Enterprise High Performance Computing)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f tcpdump:\nhttps://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\nhttps://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 tcpdump) \u0434\u043e 4.9.3-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2018-14462\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4252-1/ \nhttps://usn.ubuntu.com/4252-2/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2018-14462/\nhttps://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/security/2019/dsa-4547\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00015.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.10.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.12.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.11.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04919",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-14462",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Ubuntu, Debian GNU/Linux, Fedora, Red Hat Enterprise Linux, SUSE Linux Enterprise Module for Basesystem, OpenSUSE Leap, SUSE Linux Enterprise Point of Sale, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, tcpdump, SUSE Linux Enterprise High Performance Computing",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Fedora Project Fedora 29 , Canonical Ltd. Ubuntu 12.04 ESM , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , Novell Inc. Suse Linux Enterprise Server 11 SP4-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS , Fedora Project Fedora 30 , Canonical Ltd. Ubuntu 14.04 ESM , Novell Inc. Suse Linux Enterprise Server 12 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 31 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 icmp_print() \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 tcpdump, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 icmp_print() (print-icmp.c) \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 tcpdump \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/security/cve/CVE-2018-14462/\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14462\nhttps://usn.ubuntu.com/4252-1/ \nhttps://usn.ubuntu.com/4252-2/\nhttps://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\nhttps://www.debian.org/security/2019/dsa-4547\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\nhttps://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\nhttps://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3\nhttps://access.redhat.com/security/cve/CVE-2018-14462\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CNVD-2019-40786
Vulnerability from cnvd - Published: 2019-11-15
VLAI Severity ?
Title
tcpdump缓冲区溢出漏洞(CNVD-2019-40786)
Description
tcpdump是Tcpdump团队的一套运行在命令行下的嗅探工具。该工具主要用于数据包分析和网络流量捕获等。
tcpdump 4.9.3之前版本中的ICMP解析器的print-icmp.c文件中的‘icmp_print()’函数存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
Severity
高
Patch Name
tcpdump缓冲区溢出漏洞(CNVD-2019-40786)的补丁
Patch Description
tcpdump是Tcpdump团队的一套运行在命令行下的嗅探工具。该工具主要用于数据包分析和网络流量捕获等。
tcpdump 4.9.3之前版本中的ICMP解析器的print-icmp.c文件中的‘icmp_print()’函数存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-14462
Impacted products
| Name | Tcpdump tcpdump <4.9.3 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-14462"
}
},
"description": "tcpdump\u662fTcpdump\u56e2\u961f\u7684\u4e00\u5957\u8fd0\u884c\u5728\u547d\u4ee4\u884c\u4e0b\u7684\u55c5\u63a2\u5de5\u5177\u3002\u8be5\u5de5\u5177\u4e3b\u8981\u7528\u4e8e\u6570\u636e\u5305\u5206\u6790\u548c\u7f51\u7edc\u6d41\u91cf\u6355\u83b7\u7b49\u3002\n\ntcpdump 4.9.3\u4e4b\u524d\u7248\u672c\u4e2d\u7684ICMP\u89e3\u6790\u5668\u7684print-icmp.c\u6587\u4ef6\u4e2d\u7684\u2018icmp_print()\u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-40786",
"openTime": "2019-11-15",
"patchDescription": "tcpdump\u662fTcpdump\u56e2\u961f\u7684\u4e00\u5957\u8fd0\u884c\u5728\u547d\u4ee4\u884c\u4e0b\u7684\u55c5\u63a2\u5de5\u5177\u3002\u8be5\u5de5\u5177\u4e3b\u8981\u7528\u4e8e\u6570\u636e\u5305\u5206\u6790\u548c\u7f51\u7edc\u6d41\u91cf\u6355\u83b7\u7b49\u3002\r\n\r\ntcpdump 4.9.3\u4e4b\u524d\u7248\u672c\u4e2d\u7684ICMP\u89e3\u6790\u5668\u7684print-icmp.c\u6587\u4ef6\u4e2d\u7684\u2018icmp_print()\u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "tcpdump\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-40786\uff09\u7684\u8865\u4e01",
"products": {
"product": "Tcpdump tcpdump \u003c4.9.3"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-14462",
"serverity": "\u9ad8",
"submitTime": "2019-11-11",
"title": "tcpdump\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-40786\uff09"
}
FKIE_CVE-2018-14462
Vulnerability from fkie_nvd - Published: 2019-10-03 16:15 - Updated: 2025-12-03 21:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tcpdump | tcpdump | * | |
| f5 | traffix_signaling_delivery_controller | * | |
| tcpdump | tcpdump | * | |
| apple | mac_os_x | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF",
"versionEndExcluding": "4.9.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
"versionEndIncluding": "5.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF",
"versionEndExcluding": "4.9.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F15588EA-D854-4694-97C6-53D9AA8B6F2D",
"versionEndExcluding": "10.15.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print()."
},
{
"lang": "es",
"value": "El analizador ICMP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del b\u00fafer en print-icmp.c:icmp_print()."
}
],
"id": "CVE-2018-14462",
"lastModified": "2025-12-03T21:15:49.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-10-03T16:15:11.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Oct/28"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20200120-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210788"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4252-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4252-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Oct/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20200120-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4252-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4252-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4547"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-4F2V-4FXM-HW3F
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2025-12-03 21:30
VLAI?
Details
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2018-14462"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-03T16:15:00Z",
"severity": "MODERATE"
},
"details": "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().",
"id": "GHSA-4f2v-4fxm-hw3f",
"modified": "2025-12-03T21:30:56Z",
"published": "2022-05-24T16:57:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14462"
},
{
"type": "WEB",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4547"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4252-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4252-1"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210788"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200120-0001"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Oct/28"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
},
{
"type": "WEB",
"url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-14462
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-14462",
"description": "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().",
"id": "GSD-2018-14462",
"references": [
"https://www.suse.com/security/cve/CVE-2018-14462.html",
"https://www.debian.org/security/2019/dsa-4547",
"https://access.redhat.com/errata/RHSA-2020:4760",
"https://ubuntu.com/security/CVE-2018-14462",
"https://advisories.mageia.org/CVE-2018-14462.html",
"https://linux.oracle.com/cve/CVE-2018-14462.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-14462"
],
"details": "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().",
"id": "GSD-2018-14462",
"modified": "2023-12-13T01:22:38.222670Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES",
"refsource": "MISC",
"url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3"
},
{
"name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
},
{
"name": "openSUSE-SU-2019:2344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
},
{
"name": "openSUSE-SU-2019:2348",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
},
{
"name": "20191021 [SECURITY] [DSA 4547-1] tcpdump security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Oct/28"
},
{
"name": "DSA-4547",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4547"
},
{
"name": "FEDORA-2019-85d92df70f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"
},
{
"name": "FEDORA-2019-d06bc63433",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"
},
{
"name": "FEDORA-2019-6db0d5b9d9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"
},
{
"name": "https://support.apple.com/kb/HT210788",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210788"
},
{
"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200120-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200120-0001/"
},
{
"name": "USN-4252-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4252-2/"
},
{
"name": "USN-4252-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4252-1/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14462"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
},
{
"name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
},
{
"name": "openSUSE-SU-2019:2348",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2344",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
},
{
"name": "20191021 [SECURITY] [DSA 4547-1] tcpdump security update",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Oct/28"
},
{
"name": "DSA-4547",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4547"
},
{
"name": "FEDORA-2019-85d92df70f",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"
},
{
"name": "FEDORA-2019-d06bc63433",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"
},
{
"name": "FEDORA-2019-6db0d5b9d9",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"
},
{
"name": "https://support.apple.com/kb/HT210788",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210788"
},
{
"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200120-0001/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20200120-0001/"
},
{
"name": "USN-4252-2",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4252-2/"
},
{
"name": "USN-4252-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4252-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-08-16T14:17Z",
"publishedDate": "2019-10-03T16:15Z"
}
}
}
OPENSUSE-SU-2019:2344-1
Vulnerability from csaf_opensuse - Published: 2019-10-20 16:18 - Updated: 2019-10-20 16:18Summary
Security update for tcpdump
Severity
Important
Notes
Title of the patch: Security update for tcpdump
Description of the patch: This update for tcpdump fixes the following issues:
- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).
- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).
- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).
- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).
- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).
- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).
- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).
- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).
- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).
- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).
- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).
- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).
- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).
- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).
- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).
- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).
- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).
- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).
- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).
- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).
- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098).
- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).
- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2344
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
96 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tcpdump",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tcpdump fixes the following issues:\n\n- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).\n- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).\n- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).\n- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).\n- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).\n- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).\n- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).\n- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).\n- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).\n- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).\n- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).\n- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).\n- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).\n- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).\n- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).\n- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).\n- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN (bsc#1153098).\n- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).\n- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2344",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2344-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2344-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKQWXXAEJMKN6KVJXWDQTBKWQTVSGWAA/#MKQWXXAEJMKN6KVJXWDQTBKWQTVSGWAA"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2344-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKQWXXAEJMKN6KVJXWDQTBKWQTVSGWAA/#MKQWXXAEJMKN6KVJXWDQTBKWQTVSGWAA"
},
{
"category": "self",
"summary": "SUSE Bug 1068716",
"url": "https://bugzilla.suse.com/1068716"
},
{
"category": "self",
"summary": "SUSE Bug 1153098",
"url": "https://bugzilla.suse.com/1153098"
},
{
"category": "self",
"summary": "SUSE Bug 1153332",
"url": "https://bugzilla.suse.com/1153332"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16808 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10103 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10105 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14461 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14462 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14463 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14464 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14465 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14466 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14467 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14468 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14469 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14470 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14879 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14880 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14881 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14882 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16227 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16228 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16229 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16230 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16300 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16451 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16452 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16452/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1010220 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1010220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15166 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15167 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15167/"
}
],
"title": "Security update for tcpdump",
"tracking": {
"current_release_date": "2019-10-20T16:18:13Z",
"generator": {
"date": "2019-10-20T16:18:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2344-1",
"initial_release_date": "2019-10-20T16:18:13Z",
"revision_history": [
{
"date": "2019-10-20T16:18:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tcpdump-4.9.2-lp150.10.1.x86_64",
"product": {
"name": "tcpdump-4.9.2-lp150.10.1.x86_64",
"product_id": "tcpdump-4.9.2-lp150.10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tcpdump-4.9.2-lp150.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
},
"product_reference": "tcpdump-4.9.2-lp150.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16808"
}
],
"notes": [
{
"category": "general",
"text": "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16808",
"url": "https://www.suse.com/security/cve/CVE-2017-16808"
},
{
"category": "external",
"summary": "SUSE Bug 1068716 for CVE-2017-16808",
"url": "https://bugzilla.suse.com/1068716"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2017-16808",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "important"
}
],
"title": "CVE-2017-16808"
},
{
"cve": "CVE-2018-10103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10103"
}
],
"notes": [
{
"category": "general",
"text": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10103",
"url": "https://www.suse.com/security/cve/CVE-2018-10103"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-10103",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-10103"
},
{
"cve": "CVE-2018-10105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10105"
}
],
"notes": [
{
"category": "general",
"text": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10105",
"url": "https://www.suse.com/security/cve/CVE-2018-10105"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-10105",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-10105"
},
{
"cve": "CVE-2018-14461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14461"
}
],
"notes": [
{
"category": "general",
"text": "The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14461",
"url": "https://www.suse.com/security/cve/CVE-2018-14461"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14461",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14461"
},
{
"cve": "CVE-2018-14462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14462"
}
],
"notes": [
{
"category": "general",
"text": "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14462",
"url": "https://www.suse.com/security/cve/CVE-2018-14462"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14462",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14462"
},
{
"cve": "CVE-2018-14463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14463"
}
],
"notes": [
{
"category": "general",
"text": "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14463",
"url": "https://www.suse.com/security/cve/CVE-2018-14463"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14463",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14463"
},
{
"cve": "CVE-2018-14464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14464"
}
],
"notes": [
{
"category": "general",
"text": "The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14464",
"url": "https://www.suse.com/security/cve/CVE-2018-14464"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14464",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14464"
},
{
"cve": "CVE-2018-14465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14465"
}
],
"notes": [
{
"category": "general",
"text": "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14465",
"url": "https://www.suse.com/security/cve/CVE-2018-14465"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14465",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14465"
},
{
"cve": "CVE-2018-14466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14466"
}
],
"notes": [
{
"category": "general",
"text": "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14466",
"url": "https://www.suse.com/security/cve/CVE-2018-14466"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14466",
"url": "https://bugzilla.suse.com/1153098"
},
{
"category": "external",
"summary": "SUSE Bug 1166972 for CVE-2018-14466",
"url": "https://bugzilla.suse.com/1166972"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14466"
},
{
"cve": "CVE-2018-14467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14467"
}
],
"notes": [
{
"category": "general",
"text": "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14467",
"url": "https://www.suse.com/security/cve/CVE-2018-14467"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14467",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14467"
},
{
"cve": "CVE-2018-14468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14468"
}
],
"notes": [
{
"category": "general",
"text": "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14468",
"url": "https://www.suse.com/security/cve/CVE-2018-14468"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14468",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14468"
},
{
"cve": "CVE-2018-14469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14469"
}
],
"notes": [
{
"category": "general",
"text": "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14469",
"url": "https://www.suse.com/security/cve/CVE-2018-14469"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14469",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14469"
},
{
"cve": "CVE-2018-14470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14470"
}
],
"notes": [
{
"category": "general",
"text": "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14470",
"url": "https://www.suse.com/security/cve/CVE-2018-14470"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14470",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14470"
},
{
"cve": "CVE-2018-14879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14879"
}
],
"notes": [
{
"category": "general",
"text": "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14879",
"url": "https://www.suse.com/security/cve/CVE-2018-14879"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14879",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "low"
}
],
"title": "CVE-2018-14879"
},
{
"cve": "CVE-2018-14880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14880"
}
],
"notes": [
{
"category": "general",
"text": "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14880",
"url": "https://www.suse.com/security/cve/CVE-2018-14880"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14880",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14880"
},
{
"cve": "CVE-2018-14881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14881"
}
],
"notes": [
{
"category": "general",
"text": "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14881",
"url": "https://www.suse.com/security/cve/CVE-2018-14881"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14881",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14881"
},
{
"cve": "CVE-2018-14882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14882"
}
],
"notes": [
{
"category": "general",
"text": "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14882",
"url": "https://www.suse.com/security/cve/CVE-2018-14882"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14882",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-14882"
},
{
"cve": "CVE-2018-16227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16227"
}
],
"notes": [
{
"category": "general",
"text": "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16227",
"url": "https://www.suse.com/security/cve/CVE-2018-16227"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16227",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-16227"
},
{
"cve": "CVE-2018-16228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16228"
}
],
"notes": [
{
"category": "general",
"text": "The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16228",
"url": "https://www.suse.com/security/cve/CVE-2018-16228"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16228",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-16228"
},
{
"cve": "CVE-2018-16229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16229"
}
],
"notes": [
{
"category": "general",
"text": "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16229",
"url": "https://www.suse.com/security/cve/CVE-2018-16229"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16229",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-16229"
},
{
"cve": "CVE-2018-16230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16230"
}
],
"notes": [
{
"category": "general",
"text": "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16230",
"url": "https://www.suse.com/security/cve/CVE-2018-16230"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16230",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-16230"
},
{
"cve": "CVE-2018-16300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16300"
}
],
"notes": [
{
"category": "general",
"text": "The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16300",
"url": "https://www.suse.com/security/cve/CVE-2018-16300"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16300",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "important"
}
],
"title": "CVE-2018-16300"
},
{
"cve": "CVE-2018-16301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16301"
}
],
"notes": [
{
"category": "general",
"text": "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16301",
"url": "https://www.suse.com/security/cve/CVE-2018-16301"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16301",
"url": "https://bugzilla.suse.com/1153098"
},
{
"category": "external",
"summary": "SUSE Bug 1153332 for CVE-2018-16301",
"url": "https://bugzilla.suse.com/1153332"
},
{
"category": "external",
"summary": "SUSE Bug 1195825 for CVE-2018-16301",
"url": "https://bugzilla.suse.com/1195825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "important"
}
],
"title": "CVE-2018-16301"
},
{
"cve": "CVE-2018-16451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16451"
}
],
"notes": [
{
"category": "general",
"text": "The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16451",
"url": "https://www.suse.com/security/cve/CVE-2018-16451"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16451",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-16451"
},
{
"cve": "CVE-2018-16452",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16452"
}
],
"notes": [
{
"category": "general",
"text": "The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16452",
"url": "https://www.suse.com/security/cve/CVE-2018-16452"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16452",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-16452"
},
{
"cve": "CVE-2019-1010220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1010220"
}
],
"notes": [
{
"category": "general",
"text": "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1010220",
"url": "https://www.suse.com/security/cve/CVE-2019-1010220"
},
{
"category": "external",
"summary": "SUSE Bug 1142439 for CVE-2019-1010220",
"url": "https://bugzilla.suse.com/1142439"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2019-1010220",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2019-1010220"
},
{
"cve": "CVE-2019-15166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15166"
}
],
"notes": [
{
"category": "general",
"text": "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15166",
"url": "https://www.suse.com/security/cve/CVE-2019-15166"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2019-15166",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2019-15166"
},
{
"cve": "CVE-2019-15167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15167"
}
],
"notes": [
{
"category": "general",
"text": "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15167",
"url": "https://www.suse.com/security/cve/CVE-2019-15167"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2019-15167",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T16:18:13Z",
"details": "moderate"
}
],
"title": "CVE-2019-15167"
}
]
}
OPENSUSE-SU-2019:2348-1
Vulnerability from csaf_opensuse - Published: 2019-10-20 18:19 - Updated: 2019-10-20 18:19Summary
Security update for tcpdump
Severity
Important
Notes
Title of the patch: Security update for tcpdump
Description of the patch: This update for tcpdump fixes the following issues:
- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).
- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).
- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).
- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).
- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).
- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).
- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).
- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).
- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).
- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).
- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).
- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).
- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).
- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).
- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).
- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).
- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).
- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).
- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).
- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).
- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098).
- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).
- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2348
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
96 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tcpdump",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tcpdump fixes the following issues:\n\n- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).\n- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).\n- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).\n- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).\n- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).\n- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).\n- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).\n- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).\n- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).\n- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).\n- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).\n- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).\n- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).\n- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).\n- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).\n- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).\n- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN (bsc#1153098).\n- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).\n- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2348",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2348-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2348-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZPOIE2ZQZQ57X2YSWXD43L2MIX37I54G/#ZPOIE2ZQZQ57X2YSWXD43L2MIX37I54G"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2348-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZPOIE2ZQZQ57X2YSWXD43L2MIX37I54G/#ZPOIE2ZQZQ57X2YSWXD43L2MIX37I54G"
},
{
"category": "self",
"summary": "SUSE Bug 1068716",
"url": "https://bugzilla.suse.com/1068716"
},
{
"category": "self",
"summary": "SUSE Bug 1153098",
"url": "https://bugzilla.suse.com/1153098"
},
{
"category": "self",
"summary": "SUSE Bug 1153332",
"url": "https://bugzilla.suse.com/1153332"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16808 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10103 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10105 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14461 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14462 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14463 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14464 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14465 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14466 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14467 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14468 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14469 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14470 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14879 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14880 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14881 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14882 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16227 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16228 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16229 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16230 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16300 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16451 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16452 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16452/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1010220 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1010220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15166 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15167 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15167/"
}
],
"title": "Security update for tcpdump",
"tracking": {
"current_release_date": "2019-10-20T18:19:33Z",
"generator": {
"date": "2019-10-20T18:19:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2348-1",
"initial_release_date": "2019-10-20T18:19:33Z",
"revision_history": [
{
"date": "2019-10-20T18:19:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tcpdump-4.9.2-lp151.4.6.1.x86_64",
"product": {
"name": "tcpdump-4.9.2-lp151.4.6.1.x86_64",
"product_id": "tcpdump-4.9.2-lp151.4.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tcpdump-4.9.2-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
},
"product_reference": "tcpdump-4.9.2-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16808"
}
],
"notes": [
{
"category": "general",
"text": "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16808",
"url": "https://www.suse.com/security/cve/CVE-2017-16808"
},
{
"category": "external",
"summary": "SUSE Bug 1068716 for CVE-2017-16808",
"url": "https://bugzilla.suse.com/1068716"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2017-16808",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "important"
}
],
"title": "CVE-2017-16808"
},
{
"cve": "CVE-2018-10103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10103"
}
],
"notes": [
{
"category": "general",
"text": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10103",
"url": "https://www.suse.com/security/cve/CVE-2018-10103"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-10103",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-10103"
},
{
"cve": "CVE-2018-10105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10105"
}
],
"notes": [
{
"category": "general",
"text": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10105",
"url": "https://www.suse.com/security/cve/CVE-2018-10105"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-10105",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-10105"
},
{
"cve": "CVE-2018-14461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14461"
}
],
"notes": [
{
"category": "general",
"text": "The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14461",
"url": "https://www.suse.com/security/cve/CVE-2018-14461"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14461",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14461"
},
{
"cve": "CVE-2018-14462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14462"
}
],
"notes": [
{
"category": "general",
"text": "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14462",
"url": "https://www.suse.com/security/cve/CVE-2018-14462"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14462",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14462"
},
{
"cve": "CVE-2018-14463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14463"
}
],
"notes": [
{
"category": "general",
"text": "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14463",
"url": "https://www.suse.com/security/cve/CVE-2018-14463"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14463",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14463"
},
{
"cve": "CVE-2018-14464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14464"
}
],
"notes": [
{
"category": "general",
"text": "The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14464",
"url": "https://www.suse.com/security/cve/CVE-2018-14464"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14464",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14464"
},
{
"cve": "CVE-2018-14465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14465"
}
],
"notes": [
{
"category": "general",
"text": "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14465",
"url": "https://www.suse.com/security/cve/CVE-2018-14465"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14465",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14465"
},
{
"cve": "CVE-2018-14466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14466"
}
],
"notes": [
{
"category": "general",
"text": "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14466",
"url": "https://www.suse.com/security/cve/CVE-2018-14466"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14466",
"url": "https://bugzilla.suse.com/1153098"
},
{
"category": "external",
"summary": "SUSE Bug 1166972 for CVE-2018-14466",
"url": "https://bugzilla.suse.com/1166972"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14466"
},
{
"cve": "CVE-2018-14467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14467"
}
],
"notes": [
{
"category": "general",
"text": "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14467",
"url": "https://www.suse.com/security/cve/CVE-2018-14467"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14467",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14467"
},
{
"cve": "CVE-2018-14468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14468"
}
],
"notes": [
{
"category": "general",
"text": "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14468",
"url": "https://www.suse.com/security/cve/CVE-2018-14468"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14468",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14468"
},
{
"cve": "CVE-2018-14469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14469"
}
],
"notes": [
{
"category": "general",
"text": "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14469",
"url": "https://www.suse.com/security/cve/CVE-2018-14469"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14469",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14469"
},
{
"cve": "CVE-2018-14470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14470"
}
],
"notes": [
{
"category": "general",
"text": "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14470",
"url": "https://www.suse.com/security/cve/CVE-2018-14470"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14470",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14470"
},
{
"cve": "CVE-2018-14879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14879"
}
],
"notes": [
{
"category": "general",
"text": "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14879",
"url": "https://www.suse.com/security/cve/CVE-2018-14879"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14879",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "low"
}
],
"title": "CVE-2018-14879"
},
{
"cve": "CVE-2018-14880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14880"
}
],
"notes": [
{
"category": "general",
"text": "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14880",
"url": "https://www.suse.com/security/cve/CVE-2018-14880"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14880",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14880"
},
{
"cve": "CVE-2018-14881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14881"
}
],
"notes": [
{
"category": "general",
"text": "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14881",
"url": "https://www.suse.com/security/cve/CVE-2018-14881"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14881",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14881"
},
{
"cve": "CVE-2018-14882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14882"
}
],
"notes": [
{
"category": "general",
"text": "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14882",
"url": "https://www.suse.com/security/cve/CVE-2018-14882"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-14882",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-14882"
},
{
"cve": "CVE-2018-16227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16227"
}
],
"notes": [
{
"category": "general",
"text": "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16227",
"url": "https://www.suse.com/security/cve/CVE-2018-16227"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16227",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-16227"
},
{
"cve": "CVE-2018-16228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16228"
}
],
"notes": [
{
"category": "general",
"text": "The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16228",
"url": "https://www.suse.com/security/cve/CVE-2018-16228"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16228",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-16228"
},
{
"cve": "CVE-2018-16229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16229"
}
],
"notes": [
{
"category": "general",
"text": "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16229",
"url": "https://www.suse.com/security/cve/CVE-2018-16229"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16229",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-16229"
},
{
"cve": "CVE-2018-16230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16230"
}
],
"notes": [
{
"category": "general",
"text": "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16230",
"url": "https://www.suse.com/security/cve/CVE-2018-16230"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16230",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-16230"
},
{
"cve": "CVE-2018-16300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16300"
}
],
"notes": [
{
"category": "general",
"text": "The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16300",
"url": "https://www.suse.com/security/cve/CVE-2018-16300"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16300",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "important"
}
],
"title": "CVE-2018-16300"
},
{
"cve": "CVE-2018-16301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16301"
}
],
"notes": [
{
"category": "general",
"text": "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16301",
"url": "https://www.suse.com/security/cve/CVE-2018-16301"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16301",
"url": "https://bugzilla.suse.com/1153098"
},
{
"category": "external",
"summary": "SUSE Bug 1153332 for CVE-2018-16301",
"url": "https://bugzilla.suse.com/1153332"
},
{
"category": "external",
"summary": "SUSE Bug 1195825 for CVE-2018-16301",
"url": "https://bugzilla.suse.com/1195825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "important"
}
],
"title": "CVE-2018-16301"
},
{
"cve": "CVE-2018-16451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16451"
}
],
"notes": [
{
"category": "general",
"text": "The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16451",
"url": "https://www.suse.com/security/cve/CVE-2018-16451"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16451",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-16451"
},
{
"cve": "CVE-2018-16452",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16452"
}
],
"notes": [
{
"category": "general",
"text": "The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16452",
"url": "https://www.suse.com/security/cve/CVE-2018-16452"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2018-16452",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-16452"
},
{
"cve": "CVE-2019-1010220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1010220"
}
],
"notes": [
{
"category": "general",
"text": "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1010220",
"url": "https://www.suse.com/security/cve/CVE-2019-1010220"
},
{
"category": "external",
"summary": "SUSE Bug 1142439 for CVE-2019-1010220",
"url": "https://bugzilla.suse.com/1142439"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2019-1010220",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-1010220"
},
{
"cve": "CVE-2019-15166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15166"
}
],
"notes": [
{
"category": "general",
"text": "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15166",
"url": "https://www.suse.com/security/cve/CVE-2019-15166"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2019-15166",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-15166"
},
{
"cve": "CVE-2019-15167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15167"
}
],
"notes": [
{
"category": "general",
"text": "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15167",
"url": "https://www.suse.com/security/cve/CVE-2019-15167"
},
{
"category": "external",
"summary": "SUSE Bug 1153098 for CVE-2019-15167",
"url": "https://bugzilla.suse.com/1153098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-20T18:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-15167"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…