Steffen Bauch

**Name of the Vulnerable Software and Affected Versions** tcpdump versions 3.9.6 through 4.6.2 **Description** The issue is related to an integer underflow in the `olsr print` function when tcpdump is in verbose mode. This allows remote attackers to cause a denial of service, resulting in a crash, by sending a crafted length value in an OLSR frame. **Recommendations** For versions 3.9.6 through 4.6.2, consider disabling verbose mode until a patch is available to prevent the denial of service.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions 4.5.0 through 4.6.2 **Description** The issue is related to multiple integer underflows in the geonet print function when tcpdump is in verbose mode. This allows remote attackers to cause a denial of service, resulting in a segmentation fault and crash, by sending a crafted length value in a Geonet frame. **Recommendations** For versions 4.5.0 through 4.6.2, consider disabling the verbose mode as a temporary workaround until a patch is available. Restrict access to the geonet print function to minimize the risk of exploitation. Avoid using the verbose mode in the affected tcpdump versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions 3.8 through 4.6.2 **Description** The issue allows remote attackers to obtain sensitive information from memory or cause a denial of service, such as packet loss or segmentation fault, via a crafted Ad hoc On-Demand Distance Vector (AODV) packet. This packet triggers an out-of-bounds memory access. **Recommendations** For versions 3.8 through 4.6.2, update to a version that fixes the out-of-bounds memory access issue to prevent potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.