CVE-2003-1029

2004-02-1705:00:00

mitre

web.nvd.nist.gov

cve-2003-1029

l2tp

tcpdump

denial of service

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.407

Percentile

97.3%

JSON

The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.

Affected configurations

Nvd

Node

lbltcpdumpMatch3.4

lbltcpdumpMatch3.5

lbltcpdumpMatch3.5.2

lbltcpdumpMatch3.6.2

lbltcpdumpMatch3.6.3

lbltcpdumpMatch3.7

VendorProductVersionCPE
lbltcpdump3.4cpe:2.3:a:lbl:tcpdump:3.4:*:*:*:*:*:*:*
lbltcpdump3.5cpe:2.3:a:lbl:tcpdump:3.5:*:*:*:*:*:*:*
lbltcpdump3.5.2cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*
lbltcpdump3.6.2cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*
lbltcpdump3.6.3cpe:2.3:a:lbl:tcpdump:3.6.3:*:*:*:*:*:*:*
lbltcpdump3.7cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lbl	tcpdump	3.4	cpe:2.3:a:lbl:tcpdump:3.4:::::::*
lbl	tcpdump	3.5	cpe:2.3:a:lbl:tcpdump:3.5:::::::*
lbl	tcpdump	3.5.2	cpe:2.3:a:lbl:tcpdump:3.5.2:::::::*
lbl	tcpdump	3.6.2	cpe:2.3:a:lbl:tcpdump:3.6.2:::::::*
lbl	tcpdump	3.6.3	cpe:2.3:a:lbl:tcpdump:3.6.3:::::::*
lbl	tcpdump	3.7	cpe:2.3:a:lbl:tcpdump:3.7:::::::*