QwikSec

Security Database

CVE

CWE

Training

CVE-2019-1010220

Published: Jul 22, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.

Vendor	Product	Versions
tcpdump.org	tcpdump	affected `4.9.2`

Weaknesses (CWE)

References

https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c

x_refsource_MISC

https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c

x_refsource_MISC

https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c

x_refsource_MISC

openSUSE-SU-2019:1964

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2344

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2348

vendor-advisory

x_refsource_SUSE

FEDORA-2019-85d92df70f

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-d06bc63433

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-6db0d5b9d9

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.