CVE-2014-8768

Published: Nov 20, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.

Affected (11)

Products: Canonical: Ubuntu Linux · Oracle: Solaris · Redhat: Tcpdump

1 product

1 product

1 product

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.2

Configuration D

6 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Redhat Tcpdump	Version 4.5.0
Redhat Tcpdump	Version 4.5.1
Redhat Tcpdump	Version 4.5.2
Redhat Tcpdump	Version 4.6.0
Redhat Tcpdump	Version 4.6.1
Redhat Tcpdump	Version 4.6.2

Running on/with	Platform Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (18)

http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2014/Nov/48

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.exploit-db.com/exploits/35359

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/archive/1/534010/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/71155

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2433-1

Source: cve@mitre.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/98766

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2014/Nov/48

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.exploit-db.com/exploits/35359

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/archive/1/534010/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/71155

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2433-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/98766

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.