PT-2019-5660 · Tcpdump+4 · Tcpdump+4

Published

2019-07-22

Updated

2024-06-15

CVE-2019-1010220

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions tcpdump version 4.9.2

Description The issue is caused by a buffer over-read, which may expose sensitive information such as the Saved Frame Pointer and Return Address on the stack. This occurs in the print prefix function, specifically at line 234 in the "print-hncp.c" component, where the code ND PRINT((ndo, "%s", buf)) is executed. The attack vector involves the victim opening a specially crafted pcap file, allowing a potential attacker to disclose protected information.

Recommendations For tcpdump version 4.9.2, consider avoiding the use of the print prefix function in "print-hncp.c" until a patch is available. As a temporary workaround, restrict the opening of pcap files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Over-read

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-126CWE-125

Related Identifiers

ALT-PU-2019-3120

ALT-PU-2020-3563

ALT-PU-2021-1433

BDU:2020-04873

CVE-2019-1010220

ECHO-04E2-597A-F713

OPENSUSE-SU-2019:1964-1

OPENSUSE-SU-2019:2344-1

OPENSUSE-SU-2019:2348-1

OPENSUSE-SU-2019_1964-1

OPENSUSE-SU-2019_2344-1

OPENSUSE-SU-2019_2348-1

OPENSUSE-SU-2024:11425-1

SUSE-SU-2019:2087-1

SUSE-SU-2019:2088-1

SUSE-SU-2019:2674-1

SUSE-SU-2020:3360-1

USN-4252-1

USN-4252-2

Affected Products

Alt Linux

Debian

Suse

Ubuntu

Tcpdump

PT-2019-5660 · Tcpdump+4 · Tcpdump+4

CVE-2019-1010220

Weakness Enumeration

Related Identifiers

Affected Products

References · 236