CVE-2018-16300

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-16300
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16300.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-16300
Downstream
Related
Published
2019-10-03T16:15:12Z
Modified
2025-10-21T04:31:11.250962Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgpattrprint() because of unlimited recursion.

References

Affected packages

Git / github.com/the-tcpdump-group/tcpdump

Affected ranges

Type
GIT
Repo
https://github.com/the-tcpdump-group/tcpdump
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
af2cf04a9394c1a56227c2289ae8da262828294a

Affected versions

tcpdump-3.*

tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp

tcpdump-4.*

tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0
tcpdump-4.9.0-bp
tcpdump-4.9.1
tcpdump-4.9.2

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "309882659092036301308043375456346057996",
            "length": 2267.0
        },
        "target": {
            "function": "bgp_update_print",
            "file": "print-bgp.c"
        },
        "id": "CVE-2018-16300-7627326c",
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "330949681160558468413429460617835331910",
                "141881915480973847955323516918626720718",
                "98152526311664306019175345027733956822",
                "69930951805381382789606927975975268164",
                "188562718673582199025599945440985804738",
                "217711695779557728041145754524260658965",
                "204060531203740918921648190468983664222",
                "294405672907950825367948507040268303826",
                "263002165216818461252352360805882156517",
                "111691984917457457792790044347773620397",
                "263301420159176326704959826765944897216",
                "231460826325824960171371317924030813961"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "print-bgp.c"
        },
        "id": "CVE-2018-16300-f032bcc0",
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a",
        "signature_type": "Line"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "233637868526048202855357606634027936969",
            "length": 25760.0
        },
        "target": {
            "function": "bgp_attr_print",
            "file": "print-bgp.c"
        },
        "id": "CVE-2018-16300-fda1ac5d",
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a",
        "signature_type": "Function"
    }
]