
Konrad Rieck

#15952 of 53,635
16.9 CVSS total
Vulnerabilities · 2
High: 1
Critical: 1
PT-2019-14020
9.1
2019-09-30
Tcpdump · Tcpdump · CVE-2019-15167
**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3

**Description** The issue concerns a buffer over-read in the VRRP parser for VRRP version 3, which occurs in the `vrrp_print()` function in `print-vrrp.c`. Additionally, there is a heap-based buffer over-read related to `aoe_print` in `print-aoe.c` and `lookup_emem` in `addrtoname.c`.

**Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the VRRP parser and `aoe_print` function until a patch is available.

PT-2017-3911
7.8
2017-10-08
Tcpdump · Tcpdump · CVE-2018-14461
**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3

**Description** The issue is related to a buffer over-read in the LDP parser of the tcpdump utility, specifically in the `ldp_tlv_print()` function located in `print-ldp.c`. This can be exploited by a remote attacker to cause a denial of service or potentially gain unauthorized access to information, compromising its integrity and availability.

**Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `ldp_tlv_print()` function in `print-ldp.c` until a patch is applied.