Skip to main content

Tcpdump CVE-2015-3138

HIGH
Improper Input Validation (CWE-20)
2017-09-28 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 28, 2017 - 01:29 cve.org
HIGH 7.5

DescriptionCVE.org

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

AnalysisAI

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). Affected products include: Tcpdump, Opensuse Leap, Opensuse Project Leap. Version information: before 4.7.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-11543 CRITICAL POC
9.8 Jul 23

tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. Rated critical severity (CVSS 9.8), th

CVE-2014-8768 MEDIUM POC
5.0 Nov 20

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow rem

CVE-2017-11542 CRITICAL POC
9.8 Jul 23

tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. Rated critical severity (CVS

CVE-2017-11541 CRITICAL POC
9.8 Jul 23

tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. Rat

CVE-2015-2153 MEDIUM POC
5.0 Mar 24

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers t

CVE-2014-8769 MEDIUM POC
6.4 Nov 20

tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of

CVE-2017-5342 CRITICAL
9.8 Jan 28

In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a b

CVE-2017-5341 CRITICAL
9.8 Jan 28

The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). Rated critical severity (CVSS 9

CVE-2017-13000 CRITICAL
9.8 Sep 14

The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). Rat

CVE-2017-13050 CRITICAL
9.8 Sep 14

The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). Rated cr

CVE-2017-13019 CRITICAL
9.8 Sep 14

The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). Rated critical severity (CVSS

CVE-2014-8767 MEDIUM POC
5.0 Nov 20

Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attacke

Share

CVE-2015-3138 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy