CVE-2018-16300
Summary
| CVE | CVE-2018-16300 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-03 16:15:00 UTC |
| Updated | 2023-11-07 02:53:00 UTC |
| Description | The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. |
Risk And Classification
Problem Types: CWE-674
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] openSUSE-SU-2019:2344-1: important: Security update | SUSE | lists.opensuse.org | |
| Debian -- Security Information -- DSA-4547-1 tcpdump | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 29 Update: tcpdump-4.9.3-1.fc29 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Full Disclosure: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | FULLDISC | seclists.org | |
| [SECURITY] Fedora 29 Update: tcpdump-4.9.3-1.fc29 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| USN-4252-1: tcpdump vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| October 2019 Tcpdump Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 31 Update: tcpdump-4.9.3-1.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| tcpdump/CHANGES at tcpdump-4.9 · the-tcpdump-group/tcpdump · GitHub | MISC | github.com | Release Notes, Third Party Advisory |
| USN-4252-2: tcpdump vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| (for 4.9.3) CVE-2018-16300/BGP: prevent stack exhaustion · the-tcpdump-group/tcpdump@af2cf04 · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support | CONFIRM | support.apple.com | |
| [SECURITY] [DLA 1955-1] tcpdump security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 30 Update: tcpdump-4.9.3-1.fc30 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [security-announce] openSUSE-SU-2019:2348-1: important: Security update | SUSE | lists.opensuse.org | |
| [SECURITY] Fedora 30 Update: tcpdump-4.9.3-1.fc30 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 31 Update: tcpdump-4.9.3-1.fc31 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Bugtraq: [SECURITY] [DSA 4547-1] tcpdump security update | BUGTRAQ | seclists.org | |
| Bugtraq: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | BUGTRAQ | seclists.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 376142 F5 BIG-IP Local Traffic Manager (LTM), Application Security Manager (ASM), Access Policy Manager (APM) Multiple Vulnerabilities (K44551633)
- 500686 Alpine Linux Security Update for tcpdump
- 504455 Alpine Linux Security Update for tcpdump
- 940081 AlmaLinux Security Update for tcpdump (ALSA-2020:4760)
- 960865 Rocky Linux Security Update for tcpdump (RLSA-2020:4760)