The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().
{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "4.9.1"
}
]
}"2026-07-08T15:10:25Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13002.json"
[
{
"id": "CVE-2017-13002-266a0c01",
"digest": {
"function_hash": "164397173096654157906450316320417877895",
"length": 526.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/cbddb98484ea8ec1deece351abd56e063d775b38",
"deprecated": false,
"target": {
"function": "aodv_extension",
"file": "print-aodv.c"
}
},
{
"id": "CVE-2017-13002-5d999394",
"digest": {
"line_hashes": [
"59373564063132191542804749987495323322",
"286682638896156381158531370316063127915",
"326161937921958804526879663223078547902",
"159990607256671605948192378609516071864",
"66217069427196333979042797737438505239",
"66629552716848942290975199070408193533",
"314394036222618622321502395512252959053",
"327294673778404640977094385071186906436",
"79242783861957410684004802958355017243",
"288926120455830515850103469142834678882",
"143527073549405448983781237409959220142",
"10804449696145113049281283610880859833"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/cbddb98484ea8ec1deece351abd56e063d775b38",
"deprecated": false,
"target": {
"file": "print-aodv.c"
}
}
]