CVE-2018-14879

CVE-2018-14879

Name

CVE-2018-14879

Description

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
Release Notes	https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
Third Party Advisory	https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
Third Party Advisory	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
Third Party Advisory	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
Mailing List	https://seclists.org/bugtraq/2019/Oct/28
Third Party Advisory	https://www.debian.org/security/2019/dsa-4547
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
Third Party Advisory	https://support.f5.com/csp/article/K51512510?utm_source=f5support&utm_medium=RSS
Third Party Advisory	https://support.apple.com/kb/HT210788
Mailing List	https://seclists.org/bugtraq/2019/Dec/23
Mailing List	http://seclists.org/fulldisclosure/2019/Dec/26
CONFIRM	https://security.netapp.com/advisory/ntap-20200120-0001/
UBUNTU	https://usn.ubuntu.com/4252-2/
UBUNTU	https://usn.ubuntu.com/4252-1/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
cve@mitre.org	https://support.f5.com/csp/article/K51512510?utm_source=f5support&amp%3Butm_medium=RSS

Type

URI

Patch

https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6

Release Notes

https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html

Mailing List

https://seclists.org/bugtraq/2019/Oct/28

Third Party Advisory

https://www.debian.org/security/2019/dsa-4547

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/

Third Party Advisory

https://support.f5.com/csp/article/K51512510?utm_source=f5support&utm_medium=RSS

Third Party Advisory

https://support.apple.com/kb/HT210788

Mailing List

https://seclists.org/bugtraq/2019/Dec/23

Mailing List

http://seclists.org/fulldisclosure/2019/Dec/26

CONFIRM

https://security.netapp.com/advisory/ntap-20200120-0001/

UBUNTU

https://usn.ubuntu.com/4252-2/

UBUNTU

https://usn.ubuntu.com/4252-1/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/

cve@mitre.org

https://support.f5.com/csp/article/K51512510?utm_source=f5support&amp%3Butm_medium=RSS

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:f5:traffix_sdc::::::::`	traffix_sdc	>= 5.0.0	<= 5.1.0
`cpe:2.3:a:tcpdump:tcpdump::::::::`	tcpdump	>= None	< 4.9.3
`cpe:2.3:o:apple:mac_os_x::::::::`	mac_os_x	>= None	< 10.15.2
`cpe:2.3:o:debian:debian_linux:8.0:::::::*`	debian_linux	== None	== 8.0
`cpe:2.3:o:debian:debian_linux:9.0:::::::*`	debian_linux	== None	== 9.0
`cpe:2.3:o:debian:debian_linux:10.0:::::::*`	debian_linux	== None	== 10.0
`cpe:2.3:o:fedoraproject:fedora:29:::::::*`	fedora	== None	== 29
`cpe:2.3:o:fedoraproject:fedora:30:::::::*`	fedora	== None	== 30
`cpe:2.3:o:fedoraproject:fedora:31:::::::*`	fedora	== None	== 31
`cpe:2.3:o:opensuse:leap:15.0:::::::*`	leap	== None	== 15.0
`cpe:2.3:o:opensuse:leap:15.1:::::::*`	leap	== None	== 15.1
`cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*`	enterprise_linux	== None	== 7.0
`cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*`	enterprise_linux	== None	== 8.0
`cpe:2.3:a:f5:traffix_signaling_delivery_controller::::::::`	traffix_signaling_delivery_controller	>= 5.0.0	<= 5.1.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*

traffix_sdc

>= 5.0.0

<= 5.1.0

cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*

tcpdump

>= None

< 4.9.3

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

mac_os_x

>= None

< 10.15.2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

debian_linux

== None

== 8.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

debian_linux

== None

== 9.0

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

debian_linux

== None

== 10.0

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

fedora

== None

== 29

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

fedora

== None

== 30

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

fedora

== None

== 31

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

leap

== None

== 15.0

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

leap

== None

== 15.1

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

enterprise_linux

== None

== 7.0

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

enterprise_linux

== None

== 8.0

cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*

traffix_signaling_delivery_controller

>= 5.0.0

<= 5.1.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
tcpdump	edge-main	4.9.3-r0	None	fixed
tcpdump	edge-main	4.9.1-r0	None	possibly vulnerable
tcpdump	edge-main	4.9.0-r0	None	possibly vulnerable
tcpdump	3.22-main	4.9.3-r0	None	fixed
tcpdump	3.22-main	4.9.1-r0	None	possibly vulnerable
tcpdump	3.22-main	4.9.0-r0	None	possibly vulnerable
tcpdump	3.21-main	4.9.3-r0	None	fixed
tcpdump	3.21-main	4.9.1-r0	None	possibly vulnerable
tcpdump	3.21-main	4.9.0-r0	None	possibly vulnerable
tcpdump	3.20-main	4.9.3-r0	None	fixed
tcpdump	3.20-main	4.9.1-r0	None	possibly vulnerable
tcpdump	3.20-main	4.9.0-r0	None	possibly vulnerable
tcpdump	3.19-main	4.9.3-r0	None	fixed
tcpdump	3.19-main	4.9.1-r0	None	possibly vulnerable
tcpdump	3.19-main	4.9.0-r0	None	possibly vulnerable
tcpdump	3.18-main	4.9.3-r0	None	fixed
tcpdump	3.17-main	4.9.3-r0	None	fixed
tcpdump	3.12-main	4.9.3-r0	None	fixed
tcpdump	3.11-main	4.9.3-r0	None	fixed
tcpdump	3.10-main	4.9.3-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

tcpdump

edge-main

4.9.3-r0

None

fixed

tcpdump

edge-main