Skip to main content

Tcpdump CVE-2014-8767

MEDIUM
Numeric Errors (CWE-189)
2014-11-20 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Nov 20, 2014 - 17:50 cve.org
MEDIUM 5.0

DescriptionCVE.org

Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.

AnalysisAI

Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-189. Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. Affected products include: Redhat Tcpdump. Version information: through 4.6.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-11543 CRITICAL POC
9.8 Jul 23

tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. Rated critical severity (CVSS 9.8), th

CVE-2014-8768 MEDIUM POC
5.0 Nov 20

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow rem

CVE-2017-11542 CRITICAL POC
9.8 Jul 23

tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. Rated critical severity (CVS

CVE-2017-11541 CRITICAL POC
9.8 Jul 23

tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. Rat

CVE-2015-2153 MEDIUM POC
5.0 Mar 24

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers t

CVE-2014-8769 MEDIUM POC
6.4 Nov 20

tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of

CVE-2017-5342 CRITICAL
9.8 Jan 28

In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a b

CVE-2017-5341 CRITICAL
9.8 Jan 28

The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). Rated critical severity (CVSS 9

CVE-2017-13000 CRITICAL
9.8 Sep 14

The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). Rat

CVE-2017-13050 CRITICAL
9.8 Sep 14

The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). Rated cr

CVE-2017-13019 CRITICAL
9.8 Sep 14

The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). Rated critical severity (CVSS

CVE-2017-5204 CRITICAL
9.8 Jan 28

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). Rated critical severity (CVSS

Share

CVE-2014-8767 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy