CVE-2007-3798

Summary

CVE	CVE-2007-3798
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-07-16 22:30:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

Risk And Classification

Primary CVSS: v3.1 9.8 CRITICAL from [email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types: CWE-252 | n/a | CWE-252 CWE-252 Unchecked Return Value

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	9.8	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
3.1	ADP	DECLARED	9.8	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
3.1	134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	9.8	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
2.0	[email protected]	Primary	6.8		`AV:N/AC:M/Au:N/C:P/I:P/A:P`

CVSS v3.1 Breakdown

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	6.06	All	All	All
Operating System	Canonical	Ubuntu Linux	6.10	All	All	All
Operating System	Canonical	Ubuntu Linux	7.04	All	All	All
Operating System	Debian	Debian Linux	3.1	All	All	All
Operating System	Debian	Debian Linux	4.0	All	All	All
Operating System	Freebsd	Freebsd	All	All	All	All
Application	Slackware	Slackware	10.0	All	All	All
Application	Slackware	Slackware	10.1	All	All	All
Application	Slackware	Slackware	10.2	All	All	All
Application	Slackware	Slackware	11.0	All	All	All
Application	Slackware	Slackware	12.0	All	All	All
Application	Slackware	Slackware	9.0	All	All	All
Application	Slackware	Slackware	9.1	All	All	All
Application	Tcpdump	Tcpdump	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
www.trustix.org/errata/2007/0023	af854a3a-2127-422b-91ae-364da2661108	www.trustix.org	Broken Link
Debian -- Security Information -- DSA-1353-1 tcpdump	af854a3a-2127-422b-91ae-364da2661108	www.debian.org	Third Party Advisory
tcpdump print-bgp.c Buffer Overflow Vulnerability - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
Red Hat update for tcpdump - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
US-CERT Technical Cyber Security Alert TA07-352A -- Apple Updates for Multiple Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.us-cert.gov	Broken Link, Third Party Advisory, US Government Resource
USN-492-1: tcpdump vulnerability \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com	Third Party Advisory
rPath update for tcpdump - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
Gentoo Bug 184815 - net-analyzer/tcpdump <= 3.9.6 BGP dissector integer overflow (CVE-2007-3798)	af854a3a-2127-422b-91ae-364da2661108	bugs.gentoo.org	Third Party Advisory
www.digit-labs.org/files/exploits/private/tcpdump-bgp.c	af854a3a-2127-422b-91ae-364da2661108	www.digit-labs.org	Exploit
The Slackware Linux Project: Slackware Security Advisories	af854a3a-2127-422b-91ae-364da2661108	slackware.com	Mailing List, Patch
cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c	af854a3a-2127-422b-91ae-364da2661108	cvs.tcpdump.org	Broken Link
tcpdump Print-bgp.C Remote Integer Underflow Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Broken Link, Third Party Advisory, VDB Entry
security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc	af854a3a-2127-422b-91ae-364da2661108	security.freebsd.org	Third Party Advisory
SecurityTracker.com Archives - Tcpdump Buffer Overflow in 'print-bgp.c' Lets Remote Users Execute Arbitrary Code	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com	Broken Link, Third Party Advisory, VDB Entry
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Broken Link, Vendor Advisory
FreeBSD update for tcpdump - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
APPLE-SA-2007-12-17 Security Update 2007-009	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com	Mailing List
Trustix Update for Multiple Packages - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
About Security Update 2007-009	af854a3a-2127-422b-91ae-364da2661108	docs.info.apple.com	Broken Link
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Broken Link, Vendor Advisory
Mandriva update for tcpdump - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org	Broken Link
Slackware update for tcpdump - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
SUSE Update for Multiple Packages - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
Ubuntu update for tcpdump - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Broken Link, Vendor Advisory
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Broken Link
Debian update for tcpdump - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Broken Link, Third Party Advisory, VDB Entry
Gentoo Linux Documentation -- tcpdump: Integer overflow	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org	Third Party Advisory
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
Gentoo update for tcpdump - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link, Vendor Advisory
Security Announcement	af854a3a-2127-422b-91ae-364da2661108	www.novell.com	Broken Link
Advisories \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com	Third Party Advisory
404 Not Found	af854a3a-2127-422b-91ae-364da2661108	www.turbolinux.com	Broken Link
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-07-31	Joshua Bressers	This issue does not affect the version of tcpdump shipped in Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250275 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

There are currently no legacy QID mappings associated with this CVE.