CVE-2018-14879

Published: Oct 3, 2019Modified: Dec 3, 2025

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

Affected (13)

Products: Apple: Mac Os X · Debian: Debian Linux · F5: Traffix Signaling Delivery Controller · +4 more

Show all products

Apple: Mac Os X · Debian: Debian Linux · F5: Traffix Signaling Delivery Controller · Fedoraproject: Fedora · Opensuse: Leap · Redhat: Enterprise Linux · Tcpdump: Tcpdump

1 product

1 product

1 product

Traffix Signaling Delivery Controller

1 product

1 product

1 product

Enterprise Linux

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Before 10.15.2
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0
F5 Traffix Signaling Delivery Controller	From 5.0.0 to 5.1.0
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Tcpdump Tcpdump	Before 4.9.3

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (34)

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html

Source: cve@mitre.org

Third Party Advisory

http://seclists.org/fulldisclosure/2019/Dec/26

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html

Source: cve@mitre.org

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/

Source: cve@mitre.org

https://seclists.org/bugtraq/2019/Dec/23

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Oct/28

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20200120-0001/

Source: cve@mitre.org

https://support.apple.com/kb/HT210788

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K51512510?utm_source=f5support&amp%3Butm_medium=RSS

Source: cve@mitre.org

https://usn.ubuntu.com/4252-1/

Source: cve@mitre.org

https://usn.ubuntu.com/4252-2/

Source: cve@mitre.org

https://www.debian.org/security/2019/dsa-4547

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://seclists.org/fulldisclosure/2019/Dec/26

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Dec/23

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Oct/28

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20200120-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT210788

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.f5.com/csp/article/K51512510?utm_source=f5support&amp%3Butm_medium=RSS

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4252-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4252-2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2019/dsa-4547

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.