Vulnerabilities > Tcpdump

DATE CVE VULNERABILITY TITLE RISK
2020-11-04 CVE-2020-8037 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
network
low complexity
tcpdump debian fedoraproject apple CWE-770
5.0
2020-11-04 CVE-2020-8036 Out-of-bounds Read vulnerability in Tcpdump 4.10.0
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
network
low complexity
tcpdump CWE-125
5.0
2019-10-03 CVE-2019-15165 Allocation of Resources Without Limits or Throttling vulnerability in Tcpdump Libpcap
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
network
low complexity
tcpdump CWE-770
5.0
2019-10-03 CVE-2019-15164 Server-Side Request Forgery (SSRF) vulnerability in Tcpdump Libpcap
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
network
low complexity
tcpdump CWE-918
5.0
2019-10-03 CVE-2019-15163 NULL Pointer Dereference vulnerability in Tcpdump Libpcap
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
network
low complexity
tcpdump CWE-476
5.0
2019-10-03 CVE-2019-15162 Insufficient Verification of Data Authenticity vulnerability in Tcpdump Libpcap
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
network
low complexity
tcpdump CWE-345
5.0
2019-10-03 CVE-2019-15161 Incorrect Calculation of Buffer Size vulnerability in Tcpdump Libpcap
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable.
network
low complexity
tcpdump CWE-131
5.0
2019-10-03 CVE-2019-15166 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
5.0
2019-10-03 CVE-2018-16452 Uncontrolled Recursion vulnerability in Tcpdump
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
network
low complexity
tcpdump CWE-674
5.0
2019-10-03 CVE-2018-16451 Out-of-bounds Read vulnerability in multiple products
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
5.0