VAR-201709-0094
Vulnerability from variot - Updated: 2023-12-18 12:44print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). tcpdump Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TcpDump can completely intercept the data packets transmitted in the network for analysis. It supports filtering for the network layer, protocol, host, network or port, and provides logical statements such as and, or, not to help you remove useless information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0094",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "leap",
"scope": "eq",
"trust": 2.4,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 2.4,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "tcpdump",
"scope": "lte",
"trust": 1.0,
"vendor": "tcpdump",
"version": "4.7.3"
},
{
"model": "tcpdump",
"scope": "lt",
"trust": 0.8,
"vendor": "the tcpdump group",
"version": "4.7.4"
},
{
"model": "tcpdump",
"scope": "lt",
"trust": 0.6,
"vendor": "tcpdump",
"version": "4.7.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34692"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"db": "NVD",
"id": "CVE-2015-3138"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.7.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3138"
}
]
},
"cve": "CVE-2015-3138",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-3138",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-34692",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-3138",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3138",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-34692",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1282",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34692"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"db": "NVD",
"id": "CVE-2015-3138"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). tcpdump Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TcpDump can completely intercept the data packets transmitted in the network for analysis. It supports filtering for the network layer, protocol, host, network or port, and provides logical statements such as and, or, not to help you remove useless information",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3138"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"db": "CNVD",
"id": "CNVD-2017-34692"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3138",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007941",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-34692",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1282",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34692"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"db": "NVD",
"id": "CVE-2015-3138"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
]
},
"id": "VAR-201709-0094",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34692"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34692"
}
]
},
"last_update_date": "2023-12-18T12:44:27.537000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "whiteboard: fixup a few reversed tests (GH #446)",
"trust": 0.8,
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70"
},
{
"title": "CVE-2015-3138 over-read issues in tcpdump Whiteboard decoder #446",
"trust": 0.8,
"url": "https://github.com/the-tcpdump-group/tcpdump/issues/446"
},
{
"title": "openSUSE-SU-2017:1199",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-updates/2017-05/msg00018.html"
},
{
"title": "Bug 1212342",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212342"
},
{
"title": "Patch for Tcpdump Denial of Service Vulnerability (CNVD-2017-34692)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/106498"
},
{
"title": "tcpdump Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75180"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34692"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"db": "NVD",
"id": "CVE-2015-3138"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2017-05/msg00018.html"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212342"
},
{
"trust": 1.6,
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70"
},
{
"trust": 1.6,
"url": "https://github.com/the-tcpdump-group/tcpdump/issues/446"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3138"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3138"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34692"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"db": "NVD",
"id": "CVE-2015-3138"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-34692"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"db": "NVD",
"id": "CVE-2015-3138"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-34692"
},
{
"date": "2017-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"date": "2017-09-28T01:29:00.560000",
"db": "NVD",
"id": "CVE-2015-3138"
},
{
"date": "2017-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-34692"
},
{
"date": "2017-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"date": "2018-10-30T16:27:33.013000",
"db": "NVD",
"id": "CVE-2015-3138"
},
{
"date": "2017-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "tcpdump Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007941"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1282"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…