Phil Meek

**Name of the Vulnerable Software and Affected Versions** tcpdump versions 3.6.2 and earlier libpcap version 0.6.2 arpwatch version 2.1a11 **Description** The issue concerns multiple vulnerabilities in certain packages of the Red Hat Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the RADIUS decoder in tcpdump is vulnerable to a denial of service attack via an invalid RADIUS packet with a header length field of 0, causing tcpdump to enter an infinite loop. **Recommendations** For tcpdump versions 3.6.2 and earlier, consider updating to a version later than 3.6.2 to resolve the issue. For libpcap version 0.6.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For arpwatch version 2.1a11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.