CVE-2017-5342 In tcpdump before 4.9.0 a bug in multiple protocol parsers could cause a buffer overflow in print-ether.c:ether_print()

Disclosed: 2019-10-08 20:31:35 By geeknik To ibb

High

Vulnerability Details

Reported to the project maintainers in 2016. gre_print_0() and the functions modelled after it passed the value of "length" instead of the value of "caplen", this could make ether_print() access beyond the memory allocated for the captured packet. Fixed by https://github.com/the-tcpdump-group/tcpdump/commit/0db4dcafe5ae38201d3869c96a96cb714d82ff35.

Actions

View on HackerOne

Report Stats

Report ID: 202968
State: Closed
Substate: resolved
Upvotes: 2

CVE-2017-5342 In tcpdump before 4.9.0 a bug in multiple protocol parsers could cause a buffer overflow in print-ether.c:ether_print()

Vulnerability Details

Actions

Report Stats

Share this report