The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().
{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "4.9.1"
}
]
}"2026-07-08T11:35:16Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13042.json"
[
{
"id": "CVE-2017-13042-1f39d2d2",
"digest": {
"line_hashes": [
"271291941724673615232417132637518384269",
"26677000921868014255256920594760141729",
"309734749288011757570807663444403848149",
"10411421256108217757264424966383925420",
"225917642202699590963619218400178643302",
"253769488728218380134974015218682599142",
"172467566841741380615140722830442186602",
"315415057899283192826447604930330826938"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/39582c04cc5e34054b2936b423072fb9df2ff6ef",
"deprecated": false,
"target": {
"file": "print-hncp.c"
}
},
{
"id": "CVE-2017-13042-4bc5d803",
"digest": {
"function_hash": "314864348627341437947351339301548824680",
"length": 1003.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/39582c04cc5e34054b2936b423072fb9df2ff6ef",
"deprecated": false,
"target": {
"function": "dhcpv6_print",
"file": "print-hncp.c"
}
}
]