Red Hat Bugzilla – Bug 1472878
CVE-2017-11108 tcpdump: Heap buffer overflow in the EXTRACT_16BITS function
Last modified: 2017-09-05 06:45:56 EDT
tcpdump allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.
Created tcpdump tracking bugs for this issue:
Affects: fedora-all [bug 1472879]
According to NVD, CVSSv3 score is actually 7.5, not 3.3:
CVSS v3 Base Score:
Could you reconsider?
(In reply to Dominik Mierzejewski from comment #2)
> According to NVD, CVSSv3 score is actually 7.5, not 3.3:
> CVSS v3 Base Score:
> 7.5 High
> Impact Score:
> Exploitability Score:
> Could you reconsider?
NVD has a habit of assuming the worst case scenario even where it's very improbable. A discussion in the upstream bug agrees with us that this should not concern well configured deployments.
An attacker would have to be on the same L2 link, and have permission by the switching fabric to send STP packets. We don't plan to fix this asynchronously as of now.
Thank you for the clarification, Andrej.