Arch Linux Security Advisory ASA-201709-5
=========================================

Severity: Critical
Date    : 2017-09-13
CVE-ID  : CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893
          CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897
          CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901
          CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987
          CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991
          CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995
          CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999
          CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003
          CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007
          CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011
          CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015
          CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019
          CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023
          CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027
          CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031
          CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035
          CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039
          CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043
          CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047
          CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051
          CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055
          CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690
          CVE-2017-13725
Package : tcpdump
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-361

Summary
=======

The package tcpdump before version 4.9.2-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 4.9.2-1.

# pacman -Syu "tcpdump>=4.9.2-1"

The problems have been fixed upstream in version 4.9.2.

Workaround
==========

None.
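To confirm that a host actually runs the fixed package named under Resolution, the following added example (not part of the original advisory) compares a "pkgver-pkgrel" string against 4.9.2-1 in plain POSIX sh. The function names are hypothetical, and only simple numeric versions are handled; anything else, such as an epoch prefix, is reported as unparsed, and pacman's own vercmp remains the authoritative comparison on Arch.

```shell
#!/bin/sh
# Added example: is an installed tcpdump package at or above the fixed
# version from this advisory? Function names are illustrative assumptions.

FIXED_VERSION="4.9.2-1"   # fixed package version stated in the advisory

# cmp_dotted A B: compare two dot-separated numeric strings field by field.
# Prints -1, 0 or 1. A missing field counts as 0 (so 4.9 == 4.9.0).
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ -n "$fa" ] || fa=0
        [ -n "$fb" ] || fb=0
        if [ "$fa" -lt "$fb" ]; then echo -1; return; fi
        if [ "$fa" -gt "$fb" ]; then echo 1; return; fi
        # Drop the field just compared; clear the string after the last one.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo 0
}

# tcpdump_is_fixed VERSION
#   returns 0 if VERSION >= FIXED_VERSION
#   returns 1 if VERSION is older (affected by this advisory)
#   returns 2 if VERSION is not in plain numeric "pkgver-pkgrel" form
tcpdump_is_fixed() {
    v=$1
    case $v in
        ''|*[!0-9.-]*|*-*-*) return 2 ;;   # empty, epoch/letters, extra hyphen
        *-*) ;;                            # exactly one hyphen: accepted
        *) return 2 ;;                     # no pkgrel part
    esac
    ver=${v%-*};              rel=${v##*-}
    fver=${FIXED_VERSION%-*}; frel=${FIXED_VERSION##*-}
    c=$(cmp_dotted "$ver" "$fver")
    # Upstream versions equal: the package release number decides.
    [ "$c" -eq 0 ] && c=$(cmp_dotted "$rel" "$frel")
    [ "$c" -ge 0 ]
}

# Report on the locally installed package when pacman is present.
check_installed() {
    command -v pacman >/dev/null 2>&1 || {
        echo "pacman not found; nothing checked"; return 0; }
    # "pacman -Q tcpdump" prints "tcpdump <version>".
    installed=$(pacman -Q tcpdump 2>/dev/null | awk '{print $2}')
    [ -n "$installed" ] || { echo "tcpdump is not installed"; return 0; }
    tcpdump_is_fixed "$installed"
    case $? in
        0) echo "tcpdump $installed: fixed (>= $FIXED_VERSION)" ;;
        1) echo "tcpdump $installed: affected, upgrade to >= $FIXED_VERSION" ;;
        *) echo "tcpdump $installed: version not parsed, check with vercmp" ;;
    esac
}

check_installed
```
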

Description
===========

- CVE-2017-11541 (denial of service)

A heap-based out-of-bounds read vulnerability was discovered in tcpdump <= 4.9.1, in the lldp_print function in print-lldp.c, related to util-print.c. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash when attempting to print a summary of the packet data.

- CVE-2017-11542 (denial of service)

A heap-based out-of-bounds read vulnerability was discovered in tcpdump <= 4.9.1, in the pimv1_print function in print-pim.c. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash when attempting to print a summary of the packet data.

- CVE-2017-11543 (arbitrary code execution)

An out-of-bounds write vulnerability was discovered in tcpdump's handling of LINKTYPE_SLIP in the sliplink_print function in print-sl.c. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash or possibly execute arbitrary code when attempting to print a summary of the packet data.

- CVE-2017-12893 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of SMB/CIFS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12894 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's parsers when calling lookup_bytestring in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12895 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ICMP in tcpdump <= 4.9.1.
An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12896 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ISAKMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12897 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ISO CLNS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12898 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of NFS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12899 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of DECnet in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12900 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's parsers when calling tok2strbuf in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12901 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of EIGRP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12902 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of Zephyr in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12985 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IPv6 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12986 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IPv6 routing headers in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12987 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IEEE 802.11 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12988 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of telnet in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12989 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of RESP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to enter an infinite loop while processing the packet data leading to denial of service.

- CVE-2017-12990 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of ISAKMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to enter an infinite loop while processing the packet data leading to denial of service.

- CVE-2017-12991 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of BGP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12992 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of RIPng in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12993 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of Juniper in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12994 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of BGP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12995 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of DNS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to enter an infinite loop while processing the packet data leading to denial of service.

- CVE-2017-12996 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of PIMv2 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12997 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of LLDP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to enter an infinite loop while processing the packet data leading to denial of service.

- CVE-2017-12998 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12999 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13000 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IEEE 802.15.4 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13001 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of NFS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13002 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of AODV in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13003 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of LMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13004 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of Juniper in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13005 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of NFS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13006 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of L2TP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13007 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of Apple PKTAP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13008 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IEEE 802.11 in tcpdump <= 4.9.1.
An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13009 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13010 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of BEEP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13011 (arbitrary code execution)

An out-of-bounds write vulnerability was discovered in tcpdump's parsers when calling bittok2str_internal. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash or possibly execute arbitrary code while processing the packet data.

- CVE-2017-13012 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ICMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13013 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ARP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13014 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of White Board in tcpdump <= 4.9.1.
An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13015 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of EAP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13016 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ISO ES-IS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13017 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of DHCPv6 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13018 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of PGM in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13019 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of PGM in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13020 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of VTP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13021 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ICMPv6 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13022 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13023 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13024 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13025 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13026 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13027 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of LLDP in tcpdump <= 4.9.1.
An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13028 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of BOOTP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13029 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of PPP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13030 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of PIM in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13031 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IPv6 fragmentation header in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13032 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of RADIUS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13033 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of VTP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13034 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of PGM in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13035 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13036 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of OSPFv3 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13037 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13038 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of PPP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13039 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ISAKMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13040 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of MPTCP in tcpdump <= 4.9.1.
An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13041 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ICMPv6 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13042 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of HNCP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13043 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of BGP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13044 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of HNCP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13045 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of VQP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13046 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of BGP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13047 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ISO ES-IP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13048 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of RSVP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13049 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of Rx in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13050 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of RPKI-Router in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13051 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of RSVP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13052 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of CFM in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13053 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of BGP in tcpdump <= 4.9.1.
An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13054 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of LLDP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13055 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13687 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of Cisco HDLC in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13688 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of OLSR in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13689 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IKEv1 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13690 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IKEv2 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13725 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling of IPv6 routing headers in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file or send specially crafted packets to the network that would cause tcpdump to crash while processing the packet data.

Impact
======

A remote attacker is able to crash the application or execute arbitrary code by tricking the user into opening a specially crafted pcap file or by sending specially crafted packets to the network.
https://github.com/the-tcpdump-group/tcpdump/commit/2c2cfbd2b771ac888bc5c4a6d922f749d3822538 https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629 https://github.com/the-tcpdump-group/tcpdump/commit/e0a5a02b0fc1900a69d6c37ed0aab36fb8494e6d https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c https://github.com/the-tcpdump-group/tcpdump/commit/f4b9e24c7384d882a7f434cc7413925bf871d63e https://github.com/the-tcpdump-group/tcpdump/commit/39582c04cc5e34054b2936b423072fb9df2ff6ef https://github.com/the-tcpdump-group/tcpdump/commit/d515b4b4a300479cdf1a6e0d1bb95bc1f9fee514 https://github.com/the-tcpdump-group/tcpdump/commit/c2f6833dddecf2d5fb89c9c898eee9981da342ed https://github.com/the-tcpdump-group/tcpdump/commit/3b36ec4e713dea9266db11975066c425aa669b6c https://github.com/the-tcpdump-group/tcpdump/commit/d10a0f980fe8f9407ab1ffbd612641433ebe175e https://github.com/the-tcpdump-group/tcpdump/commit/331530a4076c69bbd2e3214db6ccbe834fb75640 https://github.com/the-tcpdump-group/tcpdump/commit/3c8a2b0e91d8d8947e89384dacf6b54673083e71 https://github.com/the-tcpdump-group/tcpdump/commit/aa0858100096a3490edf93034a80e66a4d61aad5 https://github.com/the-tcpdump-group/tcpdump/commit/83c64fce3a5226b080e535f5131a8a318f30e79b https://github.com/the-tcpdump-group/tcpdump/commit/289c672020280529fd382f3502efab7100d638ec https://github.com/the-tcpdump-group/tcpdump/commit/5d340a5ca6e420a70297cdbdf777333f18bfdab7 https://github.com/the-tcpdump-group/tcpdump/commit/bd4e697ebd6c8457efa8f28f6831fc929b88a014 https://github.com/the-tcpdump-group/tcpdump/commit/e6511cc1a950fe1566b2236329d6b4bd0826cc7a https://github.com/the-tcpdump-group/tcpdump/commit/5d0d76e88ee2d3236d7e032589d6f1d4ec5f7b1e https://github.com/the-tcpdump-group/tcpdump/commit/866c60236c41cea1e1654c8a071897292f64be49 https://github.com/the-tcpdump-group/tcpdump/commit/a1eefe986065846b6c69dbc09afd9fa1a02c4a3d 
https://github.com/the-tcpdump-group/tcpdump/commit/0cb1b8a434b599b8d636db029aadb757c24e39d6 https://github.com/the-tcpdump-group/tcpdump/commit/061e7371a944588f231cb1b66d6fb070b646e376 https://github.com/the-tcpdump-group/tcpdump/commit/8dca25d26c7ca2caf6138267f6f17111212c156e https://github.com/the-tcpdump-group/tcpdump/commit/c7c515ee03c285cc51376328de4ae9d549e501a5 https://github.com/the-tcpdump-group/tcpdump/commit/3c4d7c0ee30a30e5abff3d6d9586a3753101faf5 https://security.archlinux.org/CVE-2017-11541 https://security.archlinux.org/CVE-2017-11542 https://security.archlinux.org/CVE-2017-11543 https://security.archlinux.org/CVE-2017-12893 https://security.archlinux.org/CVE-2017-12894 https://security.archlinux.org/CVE-2017-12895 https://security.archlinux.org/CVE-2017-12896 https://security.archlinux.org/CVE-2017-12897 https://security.archlinux.org/CVE-2017-12898 https://security.archlinux.org/CVE-2017-12899 https://security.archlinux.org/CVE-2017-12900 https://security.archlinux.org/CVE-2017-12901 https://security.archlinux.org/CVE-2017-12902 https://security.archlinux.org/CVE-2017-12985 https://security.archlinux.org/CVE-2017-12986 https://security.archlinux.org/CVE-2017-12987 https://security.archlinux.org/CVE-2017-12988 https://security.archlinux.org/CVE-2017-12989 https://security.archlinux.org/CVE-2017-12990 https://security.archlinux.org/CVE-2017-12991 https://security.archlinux.org/CVE-2017-12992 https://security.archlinux.org/CVE-2017-12993 https://security.archlinux.org/CVE-2017-12994 https://security.archlinux.org/CVE-2017-12995 https://security.archlinux.org/CVE-2017-12996 https://security.archlinux.org/CVE-2017-12997 https://security.archlinux.org/CVE-2017-12998 https://security.archlinux.org/CVE-2017-12999 https://security.archlinux.org/CVE-2017-13000 https://security.archlinux.org/CVE-2017-13001 https://security.archlinux.org/CVE-2017-13002 https://security.archlinux.org/CVE-2017-13003 https://security.archlinux.org/CVE-2017-13004 
https://security.archlinux.org/CVE-2017-13005 https://security.archlinux.org/CVE-2017-13006 https://security.archlinux.org/CVE-2017-13007 https://security.archlinux.org/CVE-2017-13008 https://security.archlinux.org/CVE-2017-13009 https://security.archlinux.org/CVE-2017-13010 https://security.archlinux.org/CVE-2017-13011 https://security.archlinux.org/CVE-2017-13012 https://security.archlinux.org/CVE-2017-13013 https://security.archlinux.org/CVE-2017-13014 https://security.archlinux.org/CVE-2017-13015 https://security.archlinux.org/CVE-2017-13016 https://security.archlinux.org/CVE-2017-13017 https://security.archlinux.org/CVE-2017-13018 https://security.archlinux.org/CVE-2017-13019 https://security.archlinux.org/CVE-2017-13020 https://security.archlinux.org/CVE-2017-13021 https://security.archlinux.org/CVE-2017-13022 https://security.archlinux.org/CVE-2017-13023 https://security.archlinux.org/CVE-2017-13024 https://security.archlinux.org/CVE-2017-13025 https://security.archlinux.org/CVE-2017-13026 https://security.archlinux.org/CVE-2017-13027 https://security.archlinux.org/CVE-2017-13028 https://security.archlinux.org/CVE-2017-13029 https://security.archlinux.org/CVE-2017-13030 https://security.archlinux.org/CVE-2017-13031 https://security.archlinux.org/CVE-2017-13032 https://security.archlinux.org/CVE-2017-13033 https://security.archlinux.org/CVE-2017-13034 https://security.archlinux.org/CVE-2017-13035 https://security.archlinux.org/CVE-2017-13036 https://security.archlinux.org/CVE-2017-13037 https://security.archlinux.org/CVE-2017-13038 https://security.archlinux.org/CVE-2017-13039 https://security.archlinux.org/CVE-2017-13040 https://security.archlinux.org/CVE-2017-13041 https://security.archlinux.org/CVE-2017-13042 https://security.archlinux.org/CVE-2017-13043 https://security.archlinux.org/CVE-2017-13044 https://security.archlinux.org/CVE-2017-13045 https://security.archlinux.org/CVE-2017-13046 https://security.archlinux.org/CVE-2017-13047 
https://security.archlinux.org/CVE-2017-13048 https://security.archlinux.org/CVE-2017-13049 https://security.archlinux.org/CVE-2017-13050 https://security.archlinux.org/CVE-2017-13051 https://security.archlinux.org/CVE-2017-13052 https://security.archlinux.org/CVE-2017-13053 https://security.archlinux.org/CVE-2017-13054 https://security.archlinux.org/CVE-2017-13055 https://security.archlinux.org/CVE-2017-13687 https://security.archlinux.org/CVE-2017-13688 https://security.archlinux.org/CVE-2017-13689 https://security.archlinux.org/CVE-2017-13690 https://security.archlinux.org/CVE-2017-13725
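An out-of-bounds read in a packet dissector, as in CVE-2017-13725, means bytes were fetched beyond the end of the captured data. The following added example (not tcpdump's code and not the upstream patch) shows the length checks a parser for a type 0 IPv6 routing header needs before it touches the address list. The function name rt6_count_addrs, the status codes and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IPv6 Routing header layout, RFC 8200 section 4.4 (type 0 as in RFC 2460). */
#define RT6_FIXED_LEN  4   /* next header, hdr ext len, routing type, segments left */
#define RT6_TYPE0_RSVD 4   /* reserved word that precedes the type 0 address list */
#define RT6_ADDR_LEN   16
enum rt6_status { RT6_OK = 0, RT6_TRUNCATED = -1, RT6_MALFORMED = -2 };

/* Constructed sample: next header 59, hdr ext len 4 (40 bytes, 2 addresses),
 * routing type 0, segments left 1; the addresses themselves are all zero. */
static const uint8_t sample_rt6[40] = { 59, 4, 0, 1 };

/* Count the addresses of a type 0 routing header held in buf[0..caplen).
 * caplen is the number of bytes actually captured, which can be smaller
 * than the length the header declares for itself. */
int rt6_count_addrs(const uint8_t *buf, size_t caplen, unsigned *naddrs)
{
    /* The fixed fields must exist before any of them is fetched. */
    if (caplen < RT6_FIXED_LEN)
        return RT6_TRUNCATED;
    /* Hdr Ext Len counts 8-octet units beyond the first 8 octets. */
    size_t declared = ((size_t)buf[1] + 1) * 8;
    if (buf[2] != 0 || buf[1] % 2 != 0)
        return RT6_MALFORMED;   /* not type 0, or not whole 16-byte addresses */
    /* The declared length is attacker-controlled; the captured length is not. */
    if (declared > caplen)
        return RT6_TRUNCATED;
    unsigned n = 0;
    for (size_t off = RT6_FIXED_LEN + RT6_TYPE0_RSVD;
         off + RT6_ADDR_LEN <= declared; off += RT6_ADDR_LEN) {
        volatile uint8_t first = buf[off];  /* stand-in for printing the address */
        (void)first;
        n++;
    }
    *naddrs = n;
    return RT6_OK;
}

int main(void)
{
    unsigned n = 0;
    int full = rt6_count_addrs(sample_rt6, sizeof sample_rt6, &n);
    int cut = rt6_count_addrs(sample_rt6, 8, &n);   /* capture cut to 8 bytes */
    printf("full capture: status=%d addrs=%u\n", full, n);
    printf("8-byte capture: status=%d\n", cut);
    return 0;
}
```

With the capture cut to 8 bytes the header still declares 40, so the parser reports truncation instead of reading the 32 bytes that were never captured.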