Bhargava Shastry

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue is related to a buffer over-read in the `bgp capabilities print()` function in `print-bgp.c`, which can cause a denial of service. This can be exploited by a remote attacker. The `bgp capabilities print()` function is used for printing BGP capabilities. The vulnerability is also related to the `BGP CAPCODE RESTART` code. Additionally, there is a heap-based buffer over-read related to the `aoe print` function in `print-aoe.c` and the `lookup emem` function in `addrtoname.c`. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider disabling the `bgp capabilities print()` function until a patch is available. Restrict access to the `print-bgp.c` and `print-aoe.c` modules to minimize the risk of exploitation. Avoid using the `BGP CAPCODE RESTART` code in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue concerns a buffer over-read in the VRRP parser for VRRP version 3, which occurs in the `vrrp print()` function in `print-vrrp.c`. Additionally, there is a heap-based buffer over-read related to `aoe print` in `print-aoe.c` and `lookup emem` in `addrtoname.c`. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the VRRP parser and `aoe print` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue is related to a buffer over-read in the LDP parser of the tcpdump utility, specifically in the `ldp tlv print()` function located in `print-ldp.c`. This can be exploited by a remote attacker to cause a denial of service or potentially gain unauthorized access to information, compromising its integrity and availability. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `ldp tlv print()` function in `print-ldp.c` until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue is related to a buffer over-read in the IKEv1 parser, specifically in the `ikev1 n print()` function within `print-isakmp.c`. This can allow a remote attacker to gain unauthorized access to information and impact its integrity and availability. Additionally, it may cause a denial of service. The problem is also associated with a heap-based buffer over-read related to `aoe print` in `print-aoe.c` and `lookup emem` in `addrtoname.c`. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ikev1 n print()` function and the `aoe print` and `lookup emem` functions until a patch is available. Avoid using the affected API endpoints or functions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue is related to a buffer over-read in the VRRP parser, specifically in the `vrrp print()` function, which can be exploited by a remote attacker to gain unauthorized access to information, compromise its integrity and availability, or cause a denial of service. The vulnerability is associated with the VRRP version 2 parser in `print-vrrp.c`. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `vrrp print()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue is related to a buffer over-read in the ICMP parser, specifically in the `icmp print()` function in `print-icmp.c`. This can be exploited by a remote attacker to cause a denial of service or potentially gain unauthorized access to information, compromising its integrity and availability. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `icmp print()` function in `print-icmp.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue is related to a buffer over-read in the BGP parser of the tcpdump utility, specifically in the `bgp capabilities print()` function. This can be exploited by a remote attacker to cause a denial of service or potentially gain unauthorized access to information, affecting its integrity and availability. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `bgp capabilities print()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue is related to a buffer over-read in the Rx parser, specifically in the `rx cache find()` and `rx cache insert()` functions. This can allow a remote attacker to gain unauthorized access to information, compromise its integrity and availability, or cause a denial of service. The `aoe print` function in `print-aoe.c` and the `lookup emem` function in `addrtoname.c` are also affected by a heap-based buffer over-read. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `rx cache find()` and `rx cache insert()` functions until a patch is available. Avoid using the affected functions `aoe print` in `print-aoe.c` and `lookup emem` in `addrtoname.c` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue is related to a buffer over-read in the FRF.16 parser, specifically in the `mfr print()` function within `print-fr.c`. This can allow a remote attacker to gain unauthorized access to information and impact its integrity and availability. Additionally, the vulnerability may cause a denial of service. The `aoe print` function in `print-aoe.c` and `lookup emem` in `addrtoname.c` are also related to a heap-based buffer over-read. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `mfr print()` function in `print-fr.c` until a patch is available. Avoid using the `aoe print` function in `print-aoe.c` and `lookup emem` in `addrtoname.c` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue is related to a buffer over-read in the LMP parser of the tcpdump utility, specifically in the `lmp print data link subobjs()` function in `print-lmp.c`. This can allow a remote attacker to gain unauthorized access to information and impact its integrity and availability. Additionally, it may cause a denial of service. The `aoe print` function in `print-aoe.c` and the `lookup emem` function in `addrtoname.c` are also related to a heap-based buffer over-read. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider disabling the `lmp print data link subobjs()` function until a patch is available. Restrict access to the `print-lmp.c` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open vSwitch versions prior to 2.8.1 **Description** The issue is related to memory leaks that occur while parsing malformed OpenFlow group mod messages. It is noted that the vendor disputes the relevance of this report, stating that it can only be triggered by an OpenFlow controller, which has more direct and powerful ways to force Open vSwitch to allocate memory. **Recommendations** For versions prior to 2.8.1, update to version 2.8.1 or later to resolve the issue. As a temporary workaround, consider restricting the ability of OpenFlow controllers to insert flows into the flow table to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue is related to a buffer over-read in the IPv6 mobility parser, specifically in the `mobility opt print()` function within the `print-mobility.c` file. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue concerns a buffer over-read in the PGM parser, specifically in the `pgm print()` function within `print-pgm.c`. This could allow a remote attacker to obtain sensitive information by sending a specially crafted request. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the PGM parser until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue is related to a buffer over-read in the ISO IS-IS parser, specifically within the print-isoclns.c file, affecting several functions. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue is related to a buffer over-read in the IPv6 mobility parser, specifically in the `mobility opt print()` function within the `print-mobility.c` file. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue is related to a buffer over-read in the IPv6 mobility parser, specifically in the `mobility opt print()` function within the `print-mobility.c` file. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue is related to a buffer over-read in the DHCPv6 parser, specifically in the `dhcp6opt print()` function within `print-dhcp6.c`. This could allow a remote attacker to obtain sensitive information by sending a specially crafted request. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the DHCPv6 parser until the update is applied.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue is related to a buffer over-read in the ARP parser component of tcpdump, specifically in the print-arp.c file, affecting several functions. This could allow a remote attacker to obtain sensitive information by sending a specially crafted request. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ARP parser component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue is related to a buffer over-read in the IP parser, specifically in the `ip printroute()` function within `print-ip.c`. This affects the tcpdump software. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `ip printroute()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue concerns a buffer over-read in the IPv6 fragmentation header parser, specifically within the `frag6 print()` function in print-frag6.c. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue.