vulnerability
Oracle Linux: CVE-2018-16228: ELSA-2020-4760: tcpdump security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 2019-10-02 | 2020-11-12 | 2024-11-29 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2019-10-02
Added
2020-11-12
Modified
2024-11-29
Description
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
A flaw was found in tcpdump where an uninitialized buffer is accessed in tcpdump while printing HNCP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. System availability is the highest threat from this vulnerability.
A flaw was found in tcpdump where an uninitialized buffer is accessed in tcpdump while printing HNCP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. System availability is the highest threat from this vulnerability.
Solution
oracle-linux-upgrade-tcpdump
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.