CVE-2017-12900

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-12900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-12900
Downstream
Related
Published
2017-09-14T06:29:00Z
Modified
2025-10-21T04:10:26.229656Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().

References

Affected packages

Git / github.com/the-tcpdump-group/tcpdump

Affected ranges

Type
GIT
Repo
https://github.com/the-tcpdump-group/tcpdump
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0318fa8b61bd6c837641129d585f1a73c652b1e0

Affected versions

tcpdump-3.*

tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp

tcpdump-4.*

tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0-bp

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "249792396176372392899668153153011385128",
                "203561160431601188015626403175706537592",
                "147836605465189813655155649870614887423",
                "73117280770744554929234499326241577374"
            ]
        },
        "target": {
            "file": "print-lldp.c"
        },
        "signature_version": "v1",
        "id": "CVE-2017-12900-13ba2548",
        "deprecated": false,
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "187866627452079226450449730478816644335",
                "96089795993813924729169146911821348228",
                "44510747311602326313973868301826425550",
                "180728348787287198707532452509364407212"
            ]
        },
        "target": {
            "file": "print-zephyr.c"
        },
        "signature_version": "v1",
        "id": "CVE-2017-12900-794d90fa",
        "deprecated": false,
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "169577120722358044768187932787943922402",
                "212303081025250594234528128259298295498",
                "66853058011606276969496307019452103484",
                "278148100220678628931403813243130346977"
            ]
        },
        "target": {
            "file": "print-lspping.c"
        },
        "signature_version": "v1",
        "id": "CVE-2017-12900-cd7332e3",
        "deprecated": false,
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "219042723296988811246376927418514898062",
                "88209263465382211686591578184849709099",
                "202916208505590268428786864682072942787",
                "225295460996470136666675446229536616432"
            ]
        },
        "target": {
            "file": "print-bgp.c"
        },
        "signature_version": "v1",
        "id": "CVE-2017-12900-cd9b4fdb",
        "deprecated": false,
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0"
    }
]