CVE-2018-10103
Vulnerability from cvelistv5
Published: 2019-10-03 15:05
Modified: 2024-08-05 07:32
Summary
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:32:01.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES" }, { "name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html" }, { "name": "openSUSE-SU-2019:2344", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html" }, { "name": "openSUSE-SU-2019:2348", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html" }, { "name": "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Oct/28" }, { "name": "DSA-4547", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4547" }, { "name": "FEDORA-2019-85d92df70f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" }, { "name": "FEDORA-2019-d06bc63433", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" }, { "name": "FEDORA-2019-6db0d5b9d9", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K44551633?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT210788" }, { "name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Dec/23" }, { "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Dec/26" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" }, { "name": "USN-4252-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4252-2/" }, { "name": "USN-4252-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4252-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-05T03:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES" }, { "name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html" }, { "name": "openSUSE-SU-2019:2344", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html" }, { "name": "openSUSE-SU-2019:2348", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html" }, { "name": "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Oct/28" }, { "name": "DSA-4547", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4547" }, { "name": "FEDORA-2019-85d92df70f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" }, { "name": "FEDORA-2019-d06bc63433", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" }, { "name": "FEDORA-2019-6db0d5b9d9", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://support.f5.com/csp/article/K44551633?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT210788" }, { "name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Dec/23" }, { "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Dec/26" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" }, { "name": "USN-4252-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4252-2/" }, { "name": "USN-4252-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4252-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10103", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", "refsource": "CONFIRM", "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES" }, { "name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html" }, { "name": "openSUSE-SU-2019:2344", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html" }, { "name": "openSUSE-SU-2019:2348", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html" }, { "name": "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/28" }, { "name": "DSA-4547", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4547" }, { "name": "FEDORA-2019-85d92df70f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" }, { "name": "FEDORA-2019-d06bc63433", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" }, { "name": "FEDORA-2019-6db0d5b9d9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/" }, { "name": "https://support.f5.com/csp/article/K44551633?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K44551633?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM", "url": 
"https://support.apple.com/kb/HT210788" }, { "name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/23" }, { "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" }, { "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" }, { "name": "USN-4252-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4252-2/" }, { "name": "USN-4252-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4252-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-10103", "datePublished": "2019-10-03T15:05:26", "dateReserved": "2018-04-14T00:00:00", "dateUpdated": "2024-08-05T07:32:01.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-10103\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-03T16:15:11.257\",\"lastModified\":\"2023-11-07T02:51:16.233\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\"},{\"lang\":\"es\",\"value\":\"tcpdump versiones anteriores a 4.9.3, maneja inapropiadamente la impresi\u00f3n de datos SMB (problema 1 de 
2).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9.3\",\"matchCriteriaId\":\"CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/Dec/26\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/23\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/28\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200120-0001/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/kb/HT210788\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.f5.com/csp/article/K44551633?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4252-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4252-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4547\",\"source\":\"cve@mitre.org\"}]}}" } }
rhsa-2020_4760
Vulnerability from csaf_redhat
Published: 2020-11-04 01:47
Modified: 2024-11-22 15:18
Summary
Red Hat Security Advisory: tcpdump security, bug fix, and enhancement update
Notes
Topic
An update for tcpdump is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.
The following packages have been upgraded to a later upstream version: tcpdump (4.9.3). (BZ#1804063)
Security Fix(es):
* tcpdump: SMB data printing mishandled (CVE-2018-10103)
* tcpdump: SMB data printing mishandled (CVE-2018-10105)
* tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879)
* tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)
* tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)
* tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)
* tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)
* tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)
* tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)
* tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)
* tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)
* tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)
* tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)
* tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)
* tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)
* tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)
* tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)
* tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)
* tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)
* tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)
* tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)
* tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)
* tcpdump: Resource exhaustion in smb_fdata() function in smbutil.c (CVE-2018-16452)
* tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for tcpdump is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.\n\nThe following packages have been upgraded to a later upstream version: tcpdump (4.9.3). 
(BZ#1804063)\n\nSecurity Fix(es):\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10103)\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10105)\n\n* tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879)\n\n* tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)\n\n* tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)\n\n* tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)\n\n* tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)\n\n* tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)\n\n* tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)\n\n* tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)\n\n* tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)\n\n* tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)\n\n* tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)\n\n* tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)\n\n* tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)\n\n* tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)\n\n* tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)\n\n* tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)\n\n* tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)\n\n* tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)\n\n* tcpdump: Resource exhaustion 
in smb_fdata() funtion in smbutil.c (CVE-2018-16452)\n\n* tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4760", "url": "https://access.redhat.com/errata/RHSA-2020:4760" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/" }, { "category": "external", "summary": "1760430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760430" }, { "category": "external", "summary": "1760445", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1760445" }, { "category": "external", "summary": "1760447", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760447" }, { "category": "external", "summary": "1760449", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760449" }, { "category": "external", "summary": "1760453", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760453" }, { "category": "external", "summary": "1760455", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760455" }, { "category": "external", "summary": "1760457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760457" }, { "category": "external", "summary": "1760458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760458" }, { "category": "external", "summary": "1760461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760461" }, { "category": "external", "summary": "1760463", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760463" }, { "category": "external", "summary": "1760464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760464" }, { "category": "external", "summary": "1760468", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760468" }, { "category": "external", "summary": "1760504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760504" }, { "category": "external", "summary": "1760505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760505" }, { "category": "external", "summary": "1760506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760506" }, { "category": "external", "summary": "1760507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760507" }, { "category": "external", "summary": "1760509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760509" }, { "category": "external", "summary": "1760512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760512" }, { "category": "external", "summary": "1760513", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760513" }, { "category": "external", "summary": 
"1760514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760514" }, { "category": "external", "summary": "1760516", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760516" }, { "category": "external", "summary": "1760517", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760517" }, { "category": "external", "summary": "1760518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760518" }, { "category": "external", "summary": "1760520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760520" }, { "category": "external", "summary": "1804063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804063" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4760.json" } ], "title": "Red Hat Security Advisory: tcpdump security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-22T15:18:21+00:00", "generator": { "date": "2024-11-22T15:18:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:4760", "initial_release_date": "2020-11-04T01:47:16+00:00", "revision_history": [ { "date": "2020-11-04T01:47:16+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-11-04T01:47:16+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T15:18:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.3.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "tcpdump-14:4.9.3-1.el8.ppc64le", "product": { "name": "tcpdump-14:4.9.3-1.el8.ppc64le", "product_id": "tcpdump-14:4.9.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump@4.9.3-1.el8?arch=ppc64le\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "product": { "name": "tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "product_id": "tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debugsource@4.9.3-1.el8?arch=ppc64le\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "product": { "name": "tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "product_id": "tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debuginfo@4.9.3-1.el8?arch=ppc64le\u0026epoch=14" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "tcpdump-14:4.9.3-1.el8.s390x", "product": { "name": "tcpdump-14:4.9.3-1.el8.s390x", "product_id": "tcpdump-14:4.9.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump@4.9.3-1.el8?arch=s390x\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debugsource-14:4.9.3-1.el8.s390x", "product": { "name": "tcpdump-debugsource-14:4.9.3-1.el8.s390x", "product_id": "tcpdump-debugsource-14:4.9.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debugsource@4.9.3-1.el8?arch=s390x\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "product": { "name": 
"tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "product_id": "tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debuginfo@4.9.3-1.el8?arch=s390x\u0026epoch=14" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "tcpdump-14:4.9.3-1.el8.x86_64", "product": { "name": "tcpdump-14:4.9.3-1.el8.x86_64", "product_id": "tcpdump-14:4.9.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump@4.9.3-1.el8?arch=x86_64\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debugsource-14:4.9.3-1.el8.x86_64", "product": { "name": "tcpdump-debugsource-14:4.9.3-1.el8.x86_64", "product_id": "tcpdump-debugsource-14:4.9.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debugsource@4.9.3-1.el8?arch=x86_64\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "product": { "name": "tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "product_id": "tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debuginfo@4.9.3-1.el8?arch=x86_64\u0026epoch=14" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "tcpdump-14:4.9.3-1.el8.aarch64", "product": { "name": "tcpdump-14:4.9.3-1.el8.aarch64", "product_id": "tcpdump-14:4.9.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump@4.9.3-1.el8?arch=aarch64\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "product": { "name": "tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "product_id": "tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debugsource@4.9.3-1.el8?arch=aarch64\u0026epoch=14" } } }, { "category": "product_version", "name": 
"tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "product": { "name": "tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "product_id": "tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debuginfo@4.9.3-1.el8?arch=aarch64\u0026epoch=14" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "tcpdump-14:4.9.3-1.el8.src", "product": { "name": "tcpdump-14:4.9.3-1.el8.src", "product_id": "tcpdump-14:4.9.3-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump@4.9.3-1.el8?arch=src\u0026epoch=14" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tcpdump-14:4.9.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64" }, "product_reference": "tcpdump-14:4.9.3-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-14:4.9.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le" }, "product_reference": "tcpdump-14:4.9.3-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-14:4.9.3-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x" }, "product_reference": "tcpdump-14:4.9.3-1.el8.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-14:4.9.3-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src" }, "product_reference": "tcpdump-14:4.9.3-1.el8.src", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-14:4.9.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64" }, "product_reference": "tcpdump-14:4.9.3-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debuginfo-14:4.9.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64" }, "product_reference": "tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le" }, "product_reference": "tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debuginfo-14:4.9.3-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x" }, "product_reference": "tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debuginfo-14:4.9.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64" }, "product_reference": "tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debugsource-14:4.9.3-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64" }, "product_reference": "tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debugsource-14:4.9.3-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le" }, "product_reference": "tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debugsource-14:4.9.3-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x" }, "product_reference": "tcpdump-debugsource-14:4.9.3-1.el8.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debugsource-14:4.9.3-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" }, "product_reference": "tcpdump-debugsource-14:4.9.3-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-10103", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760504" } ], "notes": [ { "category": "description", "text": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: SMB data printing mishandled", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10103" }, { "category": "external", "summary": "RHBZ#1760504", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1760504" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10103", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10103" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10103", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10103" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", 
"AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tcpdump: SMB data printing mishandled" }, { "cve": "CVE-2018-10105", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760505" } ], "notes": [ { "category": "description", "text": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: SMB data printing mishandled", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10105" }, { "category": "external", "summary": "RHBZ#1760505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760505" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10105", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10105" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", 
"AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tcpdump: SMB data printing mishandled" }, { "cve": "CVE-2018-14461", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760506" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing LDP packets captured in a pcap file or coming from the network. 
A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14461" }, { "category": "external", "summary": "RHBZ#1760506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14461", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14461" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14461" } ], "release_date": "2019-10-02T00:00:00+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c" }, { "cve": "CVE-2018-14462", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760455" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read flaw was discovered in tcpdump while printing ICMP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. System availability is the highest threat from this vulnerability", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in icmp_print() function in print-icmp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14462" }, { "category": "external", "summary": "RHBZ#1760455", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760455" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14462", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14462" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14462", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14462" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in icmp_print() function in print-icmp.c" }, { "cve": "CVE-2018-14463", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760453" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing VRRP packets captured in a pcap file or coming from the network. 
A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14463" }, { "category": "external", "summary": "RHBZ#1760453", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760453" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14463", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14463" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14463", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14463" } ], "release_date": "2019-10-02T00:00:00+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c" }, { "cve": "CVE-2018-14464", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760507" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing LMP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14464" }, { "category": "external", "summary": "RHBZ#1760507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760507" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14464", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14464" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c" }, { "cve": "CVE-2018-14465", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760449" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing RSVP packets captured in a pcap file or coming from the network. 
A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14465" }, { "category": "external", "summary": "RHBZ#1760449", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760449" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14465", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14465" } ], "release_date": "2019-10-02T00:00:00+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c" }, { "cve": "CVE-2018-14466", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760509" } ], "notes": [ { "category": "description", "text": "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in print-icmp6.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", 
"AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14466" }, { "category": "external", "summary": "RHBZ#1760509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760509" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14466", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14466" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14466", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14466" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, 
"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in print-icmp6.c" }, { "cve": "CVE-2018-14467", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760512" } ], "notes": [ { "category": "description", "text": "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": 
{ "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14467" }, { "category": "external", "summary": "RHBZ#1760512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14467", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14467" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14467", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14467" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c" }, { "cve": "CVE-2018-14468", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { 
"system_name": "Red Hat Bugzilla ID", "text": "1760464" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing FRF.16 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in mfr_print() function in print-fr.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14468" }, { "category": "external", "summary": "RHBZ#1760464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760464" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14468", "url": 
"https://www.cve.org/CVERecord?id=CVE-2018-14468" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14468", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14468" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", 
"AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in mfr_print() function in print-fr.c" }, { "cve": "CVE-2018-14469", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760447" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing ISAKMP packets captured in a pcap file or coming from the network. 
A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14469" }, { "category": "external", "summary": "RHBZ#1760447", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760447" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14469", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14469" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14469" } ], "release_date": 
"2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c" }, { "cve": "CVE-2018-14470", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760513" } ], "notes": [ { "category": "description", "text": "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in babel_print_v2() in print-babel.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", 
"AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14470" }, { "category": "external", "summary": "RHBZ#1760513", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760513" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14470", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14470" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14470", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14470" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, 
"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in babel_print_v2() in print-babel.c" }, { "cve": "CVE-2018-14879", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760457" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write vulnerability was discovered in tcpdump while reading the file passed to the -V option of the command line program. 
An attacker may abuse this flaw by tricking a victim user into using a malicious file with the -V option, which would make the program read one byte before a stack-based allocated buffer and potentially write a NULL byte to it.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Out of bounds read/write in in get_next_file() in tcpdump.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14879" }, { "category": "external", "summary": "RHBZ#1760457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760457" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14879", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14879" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14879", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2018-14879" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tcpdump: Out of bounds read/write in in get_next_file() in tcpdump.c" }, { "cve": "CVE-2018-14880", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760468" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing OSPFv3 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14880" }, { "category": "external", "summary": "RHBZ#1760468", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760468" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14880", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14880" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", 
"AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c" }, { "cve": "CVE-2018-14881", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760463" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing BGP packets captured in a pcap file or coming from the network. 
A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14881" }, { "category": "external", "summary": "RHBZ#1760463", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760463" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14881", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14881" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14881" } ], "release_date": 
"2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c" }, { "cve": "CVE-2018-14882", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760430" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing ICMP6 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14882" }, { "category": "external", "summary": "RHBZ#1760430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760430" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14882", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14882" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14882", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14882" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c" }, { "cve": "CVE-2018-16227", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760461" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing IEEE 802.11 packets captured in a pcap file or coming from the network. 
A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in print-802_11.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-16227" }, { "category": "external", "summary": "RHBZ#1760461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760461" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-16227", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16227" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16227", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16227" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { 
"category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in print-802_11.c" }, { "cve": "CVE-2018-16228", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760514" } ], "notes": [ { "category": "description", "text": "A flaw was found in tcpdump where an uninitialized buffer is accessed in tcpdump while printing HNCP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. 
System availability is the highest threat from this vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of tcpdump as shipped with Red Hat Enterprise Linux 7 as they already include the patch.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-16228" }, { "category": "external", "summary": "RHBZ#1760514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760514" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-16228", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16228" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2018-16228", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16228" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c" }, { "cve": "CVE-2018-16229", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760458" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was discovered in tcpdump while printing DCCP packets captured in a pcap file or coming from the network. 
A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-16229" }, { "category": "external", "summary": "RHBZ#1760458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760458" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-16229", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16229" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16229", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16229" } ], "release_date": 
"2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c" }, { "cve": "CVE-2018-16230", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760516" } ], "notes": [ { "category": "description", "text": "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", 
"AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-16230" }, { "category": "external", "summary": "RHBZ#1760516", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760516" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-16230", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16230" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16230", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16230" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, 
"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c" }, { "cve": "CVE-2018-16300", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760445" } ], "notes": [ { "category": "description", "text": "An uncontrolled resource consumption flaw was discovered in the way tcpdump prints BGP packets. The BGP protocol allows ATTR_SET to be nested as many times as the message can accommodate, however when a specially crafted packet is crafted and parsed by tcpdump, this may lead to stack exhaustion due to uncontrolled recursion. 
System availability is the highest threat from this vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-16300" }, { "category": "external", "summary": "RHBZ#1760445", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760445" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-16300", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16300" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16300", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16300" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", 
"AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c" }, { "cve": "CVE-2018-16451", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760517" } ], "notes": [ { "category": "description", "text": "The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer over-read in print_trans() function in print-smb.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", 
"AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-16451" }, { "category": "external", "summary": "RHBZ#1760517", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760517" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-16451", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16451" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16451", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16451" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", 
"integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer over-read in print_trans() function in print-smb.c" }, { "cve": "CVE-2018-16452", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760518" } ], "notes": [ { "category": "description", "text": "The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-16452" }, { "category": "external", "summary": "RHBZ#1760518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-16452", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16452" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16452", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16452" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c" }, { "cve": "CVE-2019-15166", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, 
"discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760520" } ], "notes": [ { "category": "description", "text": "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15166" }, { "category": "external", "summary": "RHBZ#1760520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760520" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15166", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15166" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2019-15166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15166" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:47:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4760" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.src", "AppStream-8.3.0.GA:tcpdump-14:4.9.3-1.el8.x86_64", 
"AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debuginfo-14:4.9.3-1.el8.x86_64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.aarch64", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.ppc64le", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.s390x", "AppStream-8.3.0.GA:tcpdump-debugsource-14:4.9.3-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c" } ] }
rhsa-2021_2191
Vulnerability from csaf_redhat
Published
2021-06-01 16:32
Modified
2024-11-22 15:18
Summary
Red Hat Security Advisory: tcpdump security update
Notes
Topic
An update for tcpdump is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.
Security Fix(es):
* tcpdump: SMB data printing mishandled (CVE-2018-10103)
* tcpdump: SMB data printing mishandled (CVE-2018-10105)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for tcpdump is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.\n\nSecurity Fix(es):\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10103)\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2191", "url": "https://access.redhat.com/errata/RHSA-2021:2191" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1760504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760504" }, { "category": "external", "summary": "1760505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760505" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2191.json" } ], "title": "Red Hat Security Advisory: tcpdump security update", "tracking": { "current_release_date": "2024-11-22T15:18:28+00:00", "generator": { "date": "2024-11-22T15:18:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:2191", "initial_release_date": "2021-06-01T16:32:41+00:00", "revision_history": [ { "date": "2021-06-01T16:32:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-01T16:32:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T15:18:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v. 
8.2)", "product_id": "AppStream-8.2.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "tcpdump-14:4.9.2-7.el8_2.src", "product": { "name": "tcpdump-14:4.9.2-7.el8_2.src", "product_id": "tcpdump-14:4.9.2-7.el8_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump@4.9.2-7.el8_2?arch=src\u0026epoch=14" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "tcpdump-14:4.9.2-7.el8_2.aarch64", "product": { "name": "tcpdump-14:4.9.2-7.el8_2.aarch64", "product_id": "tcpdump-14:4.9.2-7.el8_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump@4.9.2-7.el8_2?arch=aarch64\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64", "product": { "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64", "product_id": "tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debugsource@4.9.2-7.el8_2?arch=aarch64\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64", "product": { "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64", "product_id": "tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debuginfo@4.9.2-7.el8_2?arch=aarch64\u0026epoch=14" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "tcpdump-14:4.9.2-7.el8_2.ppc64le", "product": { "name": "tcpdump-14:4.9.2-7.el8_2.ppc64le", "product_id": "tcpdump-14:4.9.2-7.el8_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump@4.9.2-7.el8_2?arch=ppc64le\u0026epoch=14" } } }, { "category": "product_version", "name": 
"tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le", "product": { "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le", "product_id": "tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debugsource@4.9.2-7.el8_2?arch=ppc64le\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le", "product": { "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le", "product_id": "tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debuginfo@4.9.2-7.el8_2?arch=ppc64le\u0026epoch=14" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "tcpdump-14:4.9.2-7.el8_2.x86_64", "product": { "name": "tcpdump-14:4.9.2-7.el8_2.x86_64", "product_id": "tcpdump-14:4.9.2-7.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump@4.9.2-7.el8_2?arch=x86_64\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64", "product": { "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64", "product_id": "tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debugsource@4.9.2-7.el8_2?arch=x86_64\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64", "product": { "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64", "product_id": "tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debuginfo@4.9.2-7.el8_2?arch=x86_64\u0026epoch=14" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "tcpdump-14:4.9.2-7.el8_2.s390x", "product": { "name": "tcpdump-14:4.9.2-7.el8_2.s390x", "product_id": "tcpdump-14:4.9.2-7.el8_2.s390x", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/tcpdump@4.9.2-7.el8_2?arch=s390x\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.s390x", "product": { "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.s390x", "product_id": "tcpdump-debugsource-14:4.9.2-7.el8_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debugsource@4.9.2-7.el8_2?arch=s390x\u0026epoch=14" } } }, { "category": "product_version", "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x", "product": { "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x", "product_id": "tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tcpdump-debuginfo@4.9.2-7.el8_2?arch=s390x\u0026epoch=14" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tcpdump-14:4.9.2-7.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.aarch64" }, "product_reference": "tcpdump-14:4.9.2-7.el8_2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-14:4.9.2-7.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.ppc64le" }, "product_reference": "tcpdump-14:4.9.2-7.el8_2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-14:4.9.2-7.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 
8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.s390x" }, "product_reference": "tcpdump-14:4.9.2-7.el8_2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-14:4.9.2-7.el8_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.src" }, "product_reference": "tcpdump-14:4.9.2-7.el8_2.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-14:4.9.2-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.x86_64" }, "product_reference": "tcpdump-14:4.9.2-7.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64" }, "product_reference": "tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le" }, "product_reference": "tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 
8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x" }, "product_reference": "tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64" }, "product_reference": "tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64" }, "product_reference": "tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le" }, "product_reference": "tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.s390x" }, "product_reference": "tcpdump-debugsource-14:4.9.2-7.el8_2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 
8.2)", "product_id": "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64" }, "product_reference": "tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-10103", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760504" } ], "notes": [ { "category": "description", "text": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: SMB data printing mishandled", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.src", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10103" 
}, { "category": "external", "summary": "RHBZ#1760504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760504" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10103", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10103" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10103", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10103" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-01T16:32:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.src", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2191" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.src", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tcpdump: SMB data printing mishandled" }, { "cve": "CVE-2018-10105", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-09-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760505" } ], "notes": [ { "category": "description", "text": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).", "title": "Vulnerability description" }, { "category": "summary", "text": "tcpdump: SMB data printing mishandled", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.s390x", 
"AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.src", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10105" }, { "category": "external", "summary": "RHBZ#1760505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760505" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10105", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10105" } ], "release_date": "2019-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-01T16:32:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.src", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le", 
"AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2191" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.src", "AppStream-8.2.0.Z.EUS:tcpdump-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debuginfo-14:4.9.2-7.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.s390x", "AppStream-8.2.0.Z.EUS:tcpdump-debugsource-14:4.9.2-7.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tcpdump: SMB data printing mishandled" } ] }
ghsa-6h64-q58h-x62c
Vulnerability from github
Published
2022-05-24 16:57
Modified
2024-04-04 02:08
Severity ?
Details
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
{ "affected": [], "aliases": [ "CVE-2018-10103" ], "database_specific": { "cwe_ids": [ "CWE-20" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-10-03T16:15:00Z", "severity": "CRITICAL" }, "details": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", "id": "GHSA-6h64-q58h-x62c", "modified": "2024-04-04T02:08:13Z", "published": "2022-05-24T16:57:43Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10103" }, { "type": "WEB", "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU" }, { "type": "WEB", "url": "https://seclists.org/bugtraq/2019/Dec/23" }, { "type": "WEB", "url": "https://seclists.org/bugtraq/2019/Oct/28" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20200120-0001" }, { "type": "WEB", "url": "https://support.apple.com/kb/HT210788" }, { "type": "WEB", "url": "https://support.f5.com/csp/article/K44551633?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "type": "WEB", "url": "https://usn.ubuntu.com/4252-1" }, { "type": "WEB", "url": "https://usn.ubuntu.com/4252-2" }, { "type": "WEB", "url": "https://www.debian.org/security/2019/dsa-4547" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html" }, { 
"type": "WEB", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
gsd-2018-10103
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
Aliases
{ "GSD": { "alias": "CVE-2018-10103", "description": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", "id": "GSD-2018-10103", "references": [ "https://www.suse.com/security/cve/CVE-2018-10103.html", "https://www.debian.org/security/2019/dsa-4547", "https://access.redhat.com/errata/RHSA-2021:2191", "https://access.redhat.com/errata/RHSA-2020:4760", "https://ubuntu.com/security/CVE-2018-10103", "https://advisories.mageia.org/CVE-2018-10103.html", "https://linux.oracle.com/cve/CVE-2018-10103.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-10103" ], "details": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", "id": "GSD-2018-10103", "modified": "2023-12-13T01:22:41.109603Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10103", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", "refsource": "CONFIRM", "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES" }, { "name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html" }, { "name": "openSUSE-SU-2019:2344", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html" }, { "name": "openSUSE-SU-2019:2348", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html" }, { "name": "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/28" }, { "name": "DSA-4547", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4547" }, { "name": "FEDORA-2019-85d92df70f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" }, { "name": "FEDORA-2019-d06bc63433", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" }, { "name": "FEDORA-2019-6db0d5b9d9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/" }, { "name": "https://support.f5.com/csp/article/K44551633?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K44551633?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM", "url": 
"https://support.apple.com/kb/HT210788" }, { "name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/23" }, { "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" }, { "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" }, { "name": "USN-4252-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4252-2/" }, { "name": "USN-4252-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4252-1/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.9.3", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10103" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", "refsource": "CONFIRM", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES" }, { "name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", "refsource": "MLIST", "tags": [], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html" }, { "name": "openSUSE-SU-2019:2348", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html" }, { "name": "openSUSE-SU-2019:2344", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html" }, { "name": "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", "refsource": "BUGTRAQ", "tags": [], "url": "https://seclists.org/bugtraq/2019/Oct/28" }, { "name": "DSA-4547", "refsource": "DEBIAN", "tags": [], "url": "https://www.debian.org/security/2019/dsa-4547" }, { "name": "FEDORA-2019-85d92df70f", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" }, { "name": "FEDORA-2019-d06bc63433", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" }, { "name": "FEDORA-2019-6db0d5b9d9", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/" }, { "name": "https://support.f5.com/csp/article/K44551633?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "tags": [], "url": 
"https://support.f5.com/csp/article/K44551633?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM", "tags": [], "url": "https://support.apple.com/kb/HT210788" }, { "name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ", "tags": [], "url": "https://seclists.org/bugtraq/2019/Dec/23" }, { "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC", "tags": [], "url": "http://seclists.org/fulldisclosure/2019/Dec/26" }, { "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", "refsource": "CONFIRM", "tags": [], "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" }, { "name": "USN-4252-2", "refsource": "UBUNTU", "tags": [], "url": "https://usn.ubuntu.com/4252-2/" }, { "name": "USN-4252-1", "refsource": "UBUNTU", "tags": [], "url": "https://usn.ubuntu.com/4252-1/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, 
"exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2019-10-11T23:15Z", "publishedDate": "2019-10-03T16:15Z" } } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.