Out-of-bounds Read in tcpdump | CVE-2018-19519

Q: How to fix?

Upgrade Oracle:8 tcpdump to version 14:4.9.2-6.el8 or higher. This issue was patched in ELSA-2020-1604 .

Threat Intelligence

0.13% (49^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-ORACLE8-TCPDUMP-2552943
published10 Apr 2022
disclosed25 Nov 2018

Report a new vulnerability Found a mistake?

Introduced: 25 Nov 2018

CVE-2018-19519 (opens in a new tab) CWE-125 (opens in a new tab) CWE-909 (opens in a new tab)

How to fix?

Upgrade Oracle:8 tcpdump to version 14:4.9.2-6.el8 or higher.
This issue was patched in ELSA-2020-1604.

NVD Description

Note: Versions mentioned in the description apply only to the upstream tcpdump package and not the tcpdump package as distributed by Oracle. See How to fix? for Oracle:8 relevant fixed versions and status.

In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.

Out-of-bounds Read Affecting tcpdump package, versions <14:4.9.2-6.el8

Severity

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 25 Nov 2018

How to fix?

NVD Description

References