PT-2019-5672 · Tcpdump+7 · Tcpdump+7

Published

2019-09-30

·

Updated

2024-06-15

·

CVE-2018-16451

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions tcpdump versions prior to 4.9.3
Description The issue is related to buffer over-reads in the SMB parser of tcpdump, specifically in the print trans() function in print-smb.c, when handling MAILSLOTBROWSE and PIPELANMAN. This can potentially allow a remote attacker to cause a denial of service. Additionally, there are heap-based buffer over-reads related to aoe print in print-aoe.c and lookup emem in addrtoname.c.
Recommendations For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the SMB parser or disabling the print trans() function until a patch is available. Restrict access to the affected modules, such as print-smb.c, print-aoe.c, and addrtoname.c, to minimize the risk of exploitation. Avoid using the aoe print and lookup emem functions in the affected API endpoints until the issue is resolved.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-3120
ALT-PU-2020-3563
ALT-PU-2021-1433
BDU:2020-04966
CESA-2020_4760
CVE-2018-16451
DLA-1955-1
DSA-4547-1
MGASA-2019-0297
OPENSUSE-SU-2019:2344-1
OPENSUSE-SU-2019:2348-1
OPENSUSE-SU-2019_2344-1
OPENSUSE-SU-2019_2348-1
OPENSUSE-SU-2024:11425-1
RHSA-2020:4760
RHSA-2020_4760
RLSA-2020:4760
SUSE-SU-2019:14191-1
SUSE-SU-2019:2674-1
SUSE-SU-2019_14191-1
SUSE-SU-2020:3360-1
USN-4252-1
USN-4252-2

Affected Products

Alt Linux
Centos
Ibm Aix
Red Hat
Rocky Linux
Suse
Ubuntu
Tcpdump