CVE-2018-16301
Summary
| CVE | CVE-2018-16301 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-03 16:15:00 UTC |
| Updated | 2023-11-07 02:53:00 UTC |
| Description | The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. |
Risk And Classification
Problem Types: CWE-120
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Add CVE-2018-16301 to CHANGES. [skip ci] · the-tcpdump-group/tcpdump@ad7c25b · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Include Security and Mozilla Secure Open Source program
Legacy QID Mappings
- 198735 Ubuntu Security Notification for tcpdump Vulnerabilities (USN-5331-2)
- 500308 Alpine Linux Security Update for libpcap
- 500686 Alpine Linux Security Update for tcpdump
- 504075 Alpine Linux Security Update for libpcap
- 504455 Alpine Linux Security Update for tcpdump
- 672214 EulerOS Security Update for tcpdump (EulerOS-SA-2022-2638)
- 751720 SUSE Enterprise Linux Security Update for tcpdump (SUSE-SU-2022:0505-1)
- 751845 SUSE Enterprise Linux Security Update for tcpdump (SUSE-SU-2022:0774-1)
- 751849 OpenSUSE Security Update for tcpdump (openSUSE-SU-2022:0774-1)
- 753429 SUSE Enterprise Linux Security Update for tcpdump (SUSE-SU-2022:14890-1)
- 900686 Common Base Linux Mariner (CBL-Mariner) Security Update for tcpdump (8504)
- 901771 Common Base Linux Mariner (CBL-Mariner) Security Update for tcpdump (8506-1)