PT-2019-4783 · Tcpdump+7 · Tcpdump+7

Published

2019-09-30

·

Updated

2024-06-15

·

CVE-2018-16300

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions tcpdump versions prior to 4.9.3
Description The issue is related to the BGP parser in tcpdump, which allows stack consumption due to unlimited recursion in the bgp attr print() function. This can lead to a denial of service. The problem is also associated with a heap-based buffer over-read related to aoe print in print-aoe.c and lookup emem in addrtoname.c.
Recommendations For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the BGP parser or the bgp attr print() function until a patch is available. Avoid using the aoe print and lookup emem functions in the affected API endpoints until the issue is resolved.

Fix

Resource Exhaustion

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-674

Related Identifiers

ALT-PU-2019-3120
ALT-PU-2020-3563
ALT-PU-2021-1433
BDU:2020-01360
CESA-2020_4760
CVE-2018-16300
DLA-1955-1
DSA-4547-1
MGASA-2019-0297
OPENSUSE-SU-2019:2344-1
OPENSUSE-SU-2019:2348-1
OPENSUSE-SU-2019_2344-1
OPENSUSE-SU-2019_2348-1
OPENSUSE-SU-2024:11425-1
RHSA-2020:4760
RHSA-2020_4760
RLSA-2020:4760
SUSE-SU-2019:14191-1
SUSE-SU-2019:2674-1
SUSE-SU-2019_14191-1
SUSE-SU-2020:3360-1
USN-4252-1
USN-4252-2

Affected Products

Alt Linux
Centos
Ibm Aix
Red Hat
Rocky Linux
Suse
Ubuntu
Tcpdump