In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Buffer Overflow
Tcpdump
NVD
GitHub
CVSS 3.0
5.5
EPSS
2.4%