Oracle Linux: CVE-2018-16300: ELSA-2020-4760: tcpdump security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 2019-10-02 | 2020-11-12 | 2024-11-29 |
Description
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
An uncontrolled resource consumption flaw was discovered in the way tcpdump prints BGP packets. The BGP protocol allows ATTR_SET to be nested as many times as the message can accommodate; when tcpdump parses a specially crafted packet, this may lead to stack exhaustion due to uncontrolled recursion. System availability is the highest threat from this vulnerability.
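The mitigation pattern for this class of bug is to carry a nesting level through the recursive attribute walk and refuse to descend past a fixed cap. The following is an added example, not tcpdump's code: the function name `walk_attrs`, the `max_depth` parameter, the return codes and the sample bytes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_SET     128   /* BGP path attribute type code (RFC 6368) */
#define FLAG_EXT_LEN 0x10  /* attribute length is two bytes instead of one */

/* Walk a BGP path attribute list, descending into ATTR_SET values.
 * Returns the deepest nesting level seen, -1 for a malformed or truncated
 * attribute, -2 when nesting would exceed max_depth (hypothetical codes). */
int walk_attrs(const uint8_t *p, size_t len, int depth, int max_depth)
{
    int deepest = depth;
    while (len > 0) {
        if (len < 3) return -1;
        size_t hdr = (p[0] & FLAG_EXT_LEN) ? 4 : 3;
        if (len < hdr) return -1;
        size_t alen = (hdr == 4) ? ((size_t)p[2] << 8 | p[3]) : p[2];
        if (alen > len - hdr) return -1;          /* value overruns the buffer */
        if (p[1] == ATTR_SET) {
            if (alen < 4) return -1;              /* 4-byte origin AS missing */
            if (depth >= max_depth) return -2;    /* stop instead of recursing */
            int r = walk_attrs(p + hdr + 4, alen - 4, depth + 1, max_depth);
            if (r < 0) return r;
            if (r > deepest) deepest = r;
        }
        p += hdr + alen;
        len -= hdr + alen;
    }
    return deepest;
}

/* Constructed sample: ATTR_SET { AS 0, ATTR_SET { AS 0 } } followed by ORIGIN */
const uint8_t sample[] = {
    0xD0, 0x80, 0x00, 0x0C, 0, 0, 0, 0,
    0xD0, 0x80, 0x00, 0x04, 0, 0, 0, 0,
    0x40, 0x01, 0x01, 0x00,
};

int main(void)
{
    printf("limit 10: %d\n", walk_attrs(sample, sizeof sample, 0, 10));
    printf("limit 1:  %d\n", walk_attrs(sample, sizeof sample, 0, 1));
    return 0;
}
```

With the cap in place, stack use is bounded by `max_depth` frames regardless of how many levels the message carries.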
Solution
oracle-linux-upgrade-tcpdump