7.5

CVE-2019-15166

lmp_print in tcpdump lacks certain boundary checks

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TcpdumpTcpdump Version < 4.9.3
ApplemacOS X Version < 10.15.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version29
FedoraprojectFedora Version30
FedoraprojectFedora Version31
OpensuseLeap Version15.0
OpensuseLeap Version15.1
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
NetappCloud Backup Version-
NetappSolidfire Version-
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.99% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
cve@mitre.org 1.6 0.2 1.4
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

http://seclists.org/fulldisclosure/2019/Dec/26
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Dec/23
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT210788
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
Third Party Advisory
Mailing List
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
Third Party Advisory
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
https://usn.ubuntu.com/4252-1/
Third Party Advisory
https://usn.ubuntu.com/4252-2/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Oct/28
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20200120-0001/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4547
Third Party Advisory
https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
Patch
Third Party Advisory