The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "4.9.1"
}
]
}"2026-07-08T12:44:21Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12986.json"
[
{
"id": "CVE-2017-12986-4d7a2901",
"digest": {
"line_hashes": [
"192707722051195284161584889376195263419",
"221458468991469620263554047268183003623",
"247800741027474284885436326737696942658",
"135847807847197040153488082620276053087",
"117276732660065893194407804521681065670",
"302677013742355543193013432006490799068"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/7ac73d6cd41e9d4ac0ca7e6830ca390e195bb21c",
"deprecated": false,
"target": {
"file": "ip6.h"
}
}
]