tcpdump is vulnerable to information disclosure. The vulnerability exists through a stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap.
CPE | Name | Operator | Version |
---|---|---|---|
tcpdump | eq | 4.9.2__5.el8 |
www.securityfocus.com/bid/106098
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
access.redhat.com/errata/RHSA-2019:3976
access.redhat.com/errata/RHSA-2020:1604
access.redhat.com/security/updates/classification/#low
github.com/zyingp/temp/blob/master/tcpdump.md
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516
lists.fedoraproject.org/archives/list/[email protected]/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
lists.fedoraproject.org/archives/list/[email protected]/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
lists.fedoraproject.org/archives/list/[email protected]/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
usn.ubuntu.com/4252-1/
usn.ubuntu.com/4252-2/