Vulnerabilities > Tcpdump

DATE CVE VULNERABILITY TITLE RISK
2022-01-05 CVE-2021-41043 Use After Free vulnerability in Tcpdump Tcpslice
Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.
network
tcpdump CWE-416
4.3
2020-11-04 CVE-2020-8037 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
network
low complexity
tcpdump debian fedoraproject apple CWE-770
5.0
2020-11-04 CVE-2020-8036 Out-of-bounds Read vulnerability in Tcpdump 4.10.0
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
network
low complexity
tcpdump CWE-125
5.0
2019-10-03 CVE-2019-15165 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
5.0
2019-10-03 CVE-2019-15164 Server-Side Request Forgery (SSRF) vulnerability in Tcpdump Libpcap
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
network
low complexity
tcpdump CWE-918
5.0
2019-10-03 CVE-2019-15163 NULL Pointer Dereference vulnerability in Tcpdump Libpcap
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
network
low complexity
tcpdump CWE-476
5.0
2019-10-03 CVE-2019-15162 Insufficient Verification of Data Authenticity vulnerability in Tcpdump Libpcap
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
network
low complexity
tcpdump CWE-345
5.0
2019-10-03 CVE-2019-15161 Incorrect Calculation of Buffer Size vulnerability in Tcpdump Libpcap
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable.
network
low complexity
tcpdump CWE-131
5.0
2019-10-03 CVE-2019-15166 Classic Buffer Overflow vulnerability in multiple products
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
5.0
2019-10-03 CVE-2018-16301 Classic Buffer Overflow vulnerability in Tcpdump
The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile().
4.4