A vulnerability was found in tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. Reference: https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c
Created tcpdump tracking bugs for this issue: Affects: fedora-all [bug 1735550]
*** This bug has been marked as a duplicate of bug 1655374 ***
Statement: This flaw was found to be a duplicate of CVE-2018-19519. Please see https://access.redhat.com/security/cve/CVE-2018-19519 for information about affected products and security errata.