Buffer Overflow Vulnerability in tcpdump by the Tcpdump Group
CVE-2018-16301

7.8HIGH

Key Information:

Vendor: The Tcpdump Group
Status: Tcpdump
Vendor: CVE Published:; 3 October 2019

🔔 Create The Tcpdump Group Vulnerability Alert

What is CVE-2018-16301?

The tcpdump command-line utility is susceptible to a buffer overflow due to improper handling of input file names. Attackers can exploit this flaw by creating a large 4GB file on the local filesystem and passing the filename as an argument using the -F option. This can lead to potential denial of service or arbitrary code execution, posing a significant risk to systems utilizing affected versions.

Affected Version(s)

tcpdump < 4.99.0

References

https://github.com/the-tcpdump-group/tcpdump/commit/ad7c2...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2019
Vulnerability Reserved
Aug 31, 2018

Credit

Include Security and Mozilla Secure Open Source program

CVE-2018-16301 Data

JSON