CVE-2003-0093

2004-09-0104:00:00

mitre

web.nvd.nist.gov

cve-2003-0093

radius decoder

tcpdump 3.6.2

denial of service

nvd

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.02

Percentile

88.9%

JSON

The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.

Affected configurations

Nvd

Node

lbltcpdumpMatch3.4

lbltcpdumpMatch3.4a6

lbltcpdumpMatch3.5

lbltcpdumpMatch3.5.2

lbltcpdumpMatch3.6.2

VendorProductVersionCPE
lbltcpdump3.4a6cpe:/a:lbl:tcpdump:3.4a6:::
lbltcpdump3.5cpe:/a:lbl:tcpdump:3.5:::
lbltcpdump3.5.2cpe:/a:lbl:tcpdump:3.5.2:::
lbltcpdump3.6.2cpe:/a:lbl:tcpdump:3.6.2:::
lbltcpdump3.4cpe:/a:lbl:tcpdump:3.4:::

Vendor	Product	Version	CPE
lbl	tcpdump	3.4a6	cpe:/a:lbl:tcpdump:3.4a6:::
lbl	tcpdump	3.5	cpe:/a:lbl:tcpdump:3.5:::
lbl	tcpdump	3.5.2	cpe:/a:lbl:tcpdump:3.5.2:::
lbl	tcpdump	3.6.2	cpe:/a:lbl:tcpdump:3.6.2:::
lbl	tcpdump	3.4	cpe:/a:lbl:tcpdump:3.4:::