CVE-2017-13013

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-13013
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13013.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-13013
Downstream
Related
Published
2017-09-14T06:29:01Z
Modified
2025-10-21T04:10:41.094Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.

References

Affected packages

Git / github.com/the-tcpdump-group/tcpdump

Affected ranges

Type
GIT
Repo
https://github.com/the-tcpdump-group/tcpdump
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
13ab8d18617d616c7d343530f8a842e7143fb5cc

Affected versions

tcpdump-3.*

tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp

tcpdump-4.*

tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0-bp

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "atmarp_print",
            "file": "print-arp.c"
        },
        "id": "CVE-2017-13013-64f0217c",
        "signature_type": "Function",
        "digest": {
            "length": 2377.0,
            "function_hash": "120720058613379764286434028053907257287"
        }
    },
    {
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "arp_print",
            "file": "print-arp.c"
        },
        "id": "CVE-2017-13013-bf6d403d",
        "signature_type": "Function",
        "digest": {
            "length": 2685.0,
            "function_hash": "334125166438401385834268988110510984839"
        }
    },
    {
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "print-arp.c"
        },
        "id": "CVE-2017-13013-f8999380",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "289421457496875284434448887101542912473",
                "316503105046235545314453637352450429612",
                "61778640420485910724142212365003252833",
                "228572764734839754341536439547478080752",
                "34094183822541012987068015310481221355",
                "246859438574123516193374792186185473772",
                "80626505142890602385585672841777422258",
                "304919301808442608103704736100865144425",
                "71253588607476481541822006038256971805",
                "204182494541824437714674981671630162176",
                "202302964204009040625907825830412487879",
                "72884191634589572814459918552841824523",
                "293885146656960987231321745253169414266",
                "277291957186776057245011726335728309530",
                "293026187528397076813901971931702164176",
                "35903218526677602978808988863201194771",
                "75206976895483153848620464414658736069",
                "20549351655143604934549873749333012466",
                "256556187080211877930556165548339467514",
                "104071443967618205272353749272321719978",
                "287714989233273571995253637466034980794",
                "39744618006627816939870542239093798678",
                "113670747163441267193221896624439778949",
                "207113928547065266874631989741388674186",
                "336881001119795321686215618798747046916",
                "24594919834742498879898604031256110533",
                "228374393448532318325832364791777388994",
                "242986161628019899207810896959101771785",
                "90523286215930579378627459087001239792",
                "256506520110756328968586430087113640068",
                "158181053987036687265642846671456231339",
                "43895323595395760660656285057253886560",
                "200269605534634149174392426761458837111",
                "43872662543692258487123142702893052379",
                "108593513024023077381970660215907548926",
                "172128563972197499987112322005275491944",
                "54630216236006796327336419889735337991",
                "19277526733595240303366928353724910516",
                "317216886702684525147243078252836964830",
                "170770143272091575400375764695299831607",
                "130702824140053832468656992223252188211",
                "181682967945868769698264822202555257580",
                "12859286393282247879500365084949113800",
                "132766435400979969790816928409898752917",
                "153276377072517550885364269807361538246",
                "91250313021911208620575556777164566352",
                "200436714306099589695008519236345181137",
                "53695113742464634654948811092484183824",
                "49984350220054005586430029877163106969",
                "202964171700387884549808298951565491258",
                "315393236913559389419007912545699861221",
                "128870436566359802248815036501349686521",
                "239743360412502470510470368077023260400",
                "107139013890961210884172569588307713939",
                "300839620193381952266344760619003539314",
                "239719645637826916439158795628584665005",
                "250297904291178698272841851216037180668",
                "23763981750574975746326371655293166060"
            ]
        }
    }
]