TcpdumpCVEs & Vulnerabilities

181 CVEs affecting Tcpdump products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

tcpdump 172libpcap 8tcpslice 1
CVE-2024-8006MEDIUM

Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.

31 Aug 2024
4.4
CVSS
CVE-2023-7256MEDIUM

In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.

31 Aug 2024
4.4
CVSS
CVE-2023-1801MEDIUM

The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.

8 Apr 2023
6.5
CVSS
CVE-2019-15167CRITICAL

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.

27 Aug 2022
9.1
CVSS
CVE-2021-41043MEDIUM

Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.

5 Jan 2022
5.5
CVSS
CVE-2020-8037HIGH

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

4 Nov 2020
7.5
CVSS
CVE-2020-8036HIGH

The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.

4 Nov 2020
7.5
CVSS
CVE-2019-15165MEDIUM

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

3 Oct 2019
5.3
CVSS
CVE-2019-15164MEDIUM

rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.

3 Oct 2019
5.3
CVSS
CVE-2019-15163HIGH

rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.

3 Oct 2019
7.5
CVSS
CVE-2019-15162MEDIUM

rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.

3 Oct 2019
5.3
CVSS
CVE-2019-15161MEDIUM

rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.

3 Oct 2019
5.3
CVSS
CVE-2019-15166HIGH

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

3 Oct 2019
7.5
CVSS
CVE-2018-16452HIGH

The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.

3 Oct 2019
7.5
CVSS
CVE-2018-16451HIGH

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

3 Oct 2019
7.5
CVSS
CVE-2018-16301HIGH

The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.

3 Oct 2019
7.8
CVSS
CVE-2018-16300HIGH

The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.

3 Oct 2019
7.5
CVSS
CVE-2018-16230HIGH

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

3 Oct 2019
7.5
CVSS
CVE-2018-16229HIGH

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

3 Oct 2019
7.5
CVSS
CVE-2018-16228HIGH

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

3 Oct 2019
7.5
CVSS
CVE-2018-16227HIGH

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

3 Oct 2019
7.5
CVSS
CVE-2018-14882HIGH

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

3 Oct 2019
7.5
CVSS
CVE-2018-14881HIGH

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

3 Oct 2019
7.5
CVSS
CVE-2018-14880HIGH

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

3 Oct 2019
7.5
CVSS
CVE-2018-14879HIGH

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

3 Oct 2019
7.0
CVSS
CVE-2018-14470HIGH

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

3 Oct 2019
7.5
CVSS
CVE-2018-14469HIGH

The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

3 Oct 2019
7.5
CVSS
CVE-2018-14468HIGH

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

3 Oct 2019
7.5
CVSS
CVE-2018-14467HIGH

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).

3 Oct 2019
7.5
CVSS
CVE-2018-14466HIGH

The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().

3 Oct 2019
7.5
CVSS
CVE-2018-14465HIGH

The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

3 Oct 2019
7.5
CVSS
CVE-2018-14464HIGH

The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().

3 Oct 2019
7.5
CVSS
CVE-2018-14463HIGH

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.

3 Oct 2019
7.5
CVSS
CVE-2018-14462HIGH

The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().

3 Oct 2019
7.5
CVSS
CVE-2018-14461HIGH

The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().

3 Oct 2019
7.5
CVSS
CVE-2018-10105CRITICAL

tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).

3 Oct 2019
9.8
CVSS
CVE-2018-10103CRITICAL

tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).

3 Oct 2019
9.8
CVSS
CVE-2019-1010220LOW

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.

22 Jul 2019
3.3
CVSS
CVE-2018-19519MEDIUM

In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.

25 Nov 2018
5.5
CVSS
CVE-2017-16808MEDIUM

tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.

13 Nov 2017
5.5
CVSS
CVE-2011-1935CRITICAL

pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.

20 Oct 2017
9.8
CVSS
CVE-2015-3138HIGH

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

28 Sep 2017
7.5
CVSS
CVE-2017-13725CRITICAL

The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().

14 Sep 2017
9.8
CVSS
CVE-2017-13690CRITICAL

The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.

14 Sep 2017
9.8
CVSS
CVE-2017-13689CRITICAL

The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().

14 Sep 2017
9.8
CVSS
CVE-2017-13688CRITICAL

The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().

14 Sep 2017
9.8
CVSS
CVE-2017-13687CRITICAL

The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().

14 Sep 2017
9.8
CVSS
CVE-2017-13055CRITICAL

The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().

14 Sep 2017
9.8
CVSS
← PrevPage 1 / 4Next →