
CVE-2014-8767

Published: 20/11/2014 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Integer underflow in the olsr_print function in tcpdump 3.9.6 up to and including 4.6.2, when in verbose mode, allows remote malicious users to cause a denial of service (crash) via a crafted length value in an OLSR frame.

Vulnerable Product

redhat tcpdump 4.6.1

redhat tcpdump 4.6.0

redhat tcpdump 4.2.1

redhat tcpdump 4.1.2

redhat tcpdump 4.5.0

redhat tcpdump 4.4.0

redhat tcpdump 3.9.8

redhat tcpdump 3.9.7

redhat tcpdump 4.6.2

redhat tcpdump 4.3.1

redhat tcpdump 4.3.0

redhat tcpdump 3.9.6

redhat tcpdump 4.5.2

redhat tcpdump 4.5.1

redhat tcpdump 4.1.1

redhat tcpdump 4.1.0

redhat tcpdump 4.0.0

Vendor Advisories

Several security issues were fixed in tcpdump ...
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code. For the stable distribution (wheezy), these problems have been fixed in version 4.3.0-1+deb7u1. For the upc ...
Debian Bug report logs - #770415 tcpdump: CVE-2014-8768: denial of service in verbose mode using malformed Geonet payload Package: tcpdump; Maintainer for tcpdump is Romain Francoise <rfrancoise@debian.org>; Source for tcpdump is src:tcpdump (PTS, buildd, popcon) Reported by: Nguyen Cong <congnguyenthe@toshiba-tsdv.com> ...
Debian Bug report logs - #770424 tcpdump: CVE-2014-8769: unreliable output using malformed AOVD payload Package: tcpdump; Maintainer for tcpdump is Romain Francoise <rfrancoise@debian.org>; Source for tcpdump is src:tcpdump (PTS, buildd, popcon) Reported by: Nguyen Cong <congnguyenthe@toshiba-tsdv.com> Date: Fri, 21 ...
Debian Bug report logs - #770434 tcpdump: CVE-2014-8767: tcpdump denial of service in verbose mode using malformed OLSR payload Package: tcpdump; Maintainer for tcpdump is Romain Francoise <rfrancoise@debian.org>; Source for tcpdump is src:tcpdump (PTS, buildd, popcon) Reported by: Nguyen Cong <congnguyenthe@toshiba-tsdv ...
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame ...

Exploits

tcpdump versions 3.9.6 through 4.6.2 suffer from a denial of service vulnerability when handling a malformed OLSR payload ...