Vulnerabilities > Tcpdump
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-31 | CVE-2023-7256 | Double Free vulnerability in Tcpdump Libpcap: In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. | 4.4 |
2024-08-31 | CVE-2024-8006 | NULL Pointer Dereference vulnerability in Tcpdump Libpcap: Remote packet capture support is disabled by default in libpcap. | 4.4 |
2023-04-07 | CVE-2023-1801 | Out-of-bounds Write vulnerability in Tcpdump 4.99.3: The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. | 6.5 |
2022-01-05 | CVE-2021-41043 | Use After Free vulnerability in Tcpdump Tcpslice: Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact. | 4.3 |
2020-11-04 | CVE-2020-8037 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products: The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | 7.5 |
2020-11-04 | CVE-2020-8036 | Out-of-bounds Read vulnerability in Tcpdump 4.10.0: The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. | 5.0 |
2019-10-03 | CVE-2019-15165 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products: sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | 5.3 |
2019-10-03 | CVE-2019-15164 | Server-Side Request Forgery (SSRF) vulnerability in Tcpdump Libpcap: rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. | 5.3 |
2019-10-03 | CVE-2019-15163 | NULL Pointer Dereference vulnerability in Tcpdump Libpcap: rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. | 7.5 |
2019-10-03 | CVE-2019-15162 | Insufficient Verification of Data Authenticity vulnerability in Tcpdump Libpcap: rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. | 5.3 |