In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. Reference: https://github.com/zyingp/temp/blob/master/tcpdump.md
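The bug class named above (a stack buffer that is consumed before every byte of it has been written) can be shown with a small prefix decoder. The following is an added C example, not tcpdump's print_prefix or any code from print-hncp.c; the wire format it parses (one byte of prefix length in bits followed by the covering bytes) and the sample packets are constructed for illustration. The unsafe variant is defined only for contrast and is never called, since reading the uninitialized bytes is undefined behaviour; the hardened variant zero-initializes the buffer, bounds-checks the length, and rejects truncated input.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The pattern behind the bug class: buf is never initialized, so when the
 * copied bytes do not include a NUL terminator (or cover only part of the
 * buffer) the "%s" read continues into whatever stale stack data follows.
 * Defined for contrast only; it is intentionally never called. */
int decode_prefix_unsafe(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_len)
{
    char buf[16];                                   /* no initialization */
    size_t nbytes = pkt_len < sizeof buf ? pkt_len : sizeof buf;
    memcpy(buf, pkt, nbytes);                       /* may leave buf unterminated */
    return snprintf(out, out_len, "%s", buf);       /* over-reads past copied bytes */
}

/* Hardened decoder for the constructed format:
 *   pkt[0]      prefix length in bits (0..32)
 *   pkt[1..]    ceil(plen / 8) address bytes
 * Returns the number of packet bytes consumed, or -1 if the input is
 * malformed or truncated. Writes "a.b.c.d/plen" into out on success. */
int decode_prefix_safe(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_len)
{
    uint8_t addr[4];
    memset(addr, 0, sizeof addr);       /* every byte defined before it is read */

    if (pkt_len < 1)
        return -1;                      /* no length byte at all */
    unsigned plen = pkt[0];
    if (plen > 32)
        return -1;                      /* length cannot exceed the address size */

    size_t nbytes = (plen + 7) / 8;     /* bytes needed to hold plen bits */
    if (pkt_len < 1 + nbytes)
        return -1;                      /* truncated: refuse rather than read on */

    memcpy(addr, pkt + 1, nbytes);      /* bytes not covered stay zero */

    int n = snprintf(out, out_len, "%u.%u.%u.%u/%u",
                     addr[0], addr[1], addr[2], addr[3], plen);
    if (n < 0 || (size_t)n >= out_len)
        return -1;                      /* output buffer too small */
    return (int)(1 + nbytes);
}

int main(void)
{
    /* Constructed sample packets: one well-formed, one cut short. */
    const uint8_t good[]  = { 24, 10, 0, 0 };   /* 10.0.0.0/24 */
    const uint8_t short_[] = { 24, 10, 0 };     /* claims 3 bytes, carries 2 */
    char out[32];

    int r = decode_prefix_safe(good, sizeof good, out, sizeof out);
    printf("good:  rc=%d %s\n", r, r > 0 ? out : "(rejected)");

    r = decode_prefix_safe(short_, sizeof short_, out, sizeof out);
    printf("short: rc=%d %s\n", r, r > 0 ? out : "(rejected)");
    return 0;
}
```

The safe variant returns 4 and "10.0.0.0/24" for the well-formed packet and -1 for the truncated one; the point is that a parser must both define its scratch buffer and verify the advertised length against the bytes actually present before any of them are formatted.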
Could not reproduce with tcpdump-4.9.2-6.fc29.i686:

$ ldd $(which tcpdump) | grep asan
	libasan.so.5 => /lib/libasan.so.5 (0xf7575000)
$ tcpdump -ee -vv -nnr id_57.pcap
reading from file id_57.pcap, link-type EN10MB (Ethernet)
07:52:49.784807 08:00:25:d4:10:bb > 08:00:27:10:8f:95, ethertype IPv6 (0x86dd), length 16: truncated-ip6 2
07:52:49.892740 08:00:27:da:8f:95 > 33:33:00:00:ff:fe, ethertype IPv6 (0x86dd), length 32929: truncated-ip6 - 32511 bytes missing!(flowlabel 0x0fdff, hlim 0, next-header UDP (17) payload length: 65386) 80ff:ff00::a00:6873:7570:6c6f.8231 > 7274:a43:6f70:7972:6967:6874:3328:6329.14648: hncp (13861)
	Future use: type=13312 (12)
	Unassigned: type=128 (4)
	Assigned-Prefix (48) EPID: ff000000 Prty: 5 Prefix: ��V�2��� (invalid)
	Reserved: type=0 (20)
	Future use: type=12 (14) [|hncp]
tcpdump: pcap_loop: truncated dump file; tried to read 8 bytes, only got 4
Statement: This issue affects the versions of tcpdump as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of tcpdump as shipped with Red Hat Enterprise Linux 5 and 6.
*** Bug 1735549 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3976 https://access.redhat.com/errata/RHSA-2019:3976
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-19519
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1604 https://access.redhat.com/errata/RHSA-2020:1604