2241763 – (CVE-2019-15167) CVE-2019-15167 tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c

Bug 2241763 (CVE-2019-15167) - CVE-2019-15167 tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c

Summary: CVE-2019-15167 tcpdump: Buffer over-read in vrrp_print() function in print-vr...

Keywords:
Status:	NEW
Alias:	CVE-2019-15167
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2241764
TreeView+	depends on / blocked

Reported:	2023-10-02 14:33 UTC by Pedro Sampaio
Modified:	2024-03-28 14:53 UTC (History)
CC List:	0 users
Fixed In Version:	tcpdum 4.9.3
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2023-10-02 14:33:28 UTC

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. 

Upstream commit:

https://github.com/the-tcpdump-group/tcpdump/commit/a152aebfd1114376ba266ed30416be596ef9d806

Note You need to log in before you can comment on or make changes to this bug.