CVE-2020-8037
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-8037
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8037.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-8037
- Downstream
- Related
- Published
- 2020-11-04T18:15:20Z
- Modified
- 2025-10-21T05:56:37.775719Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
- References
-
- http://seclists.org/fulldisclosure/2021/Apr/51
- https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
- https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html
- https://support.apple.com/kb/HT212325
- https://support.apple.com/kb/HT212326
- https://support.apple.com/kb/HT212327
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV/
Affected packages
Git / github.com/the-tcpdump-group/tcpdump
Affected ranges
- Type
- GIT
- Repo
- https://github.com/the-tcpdump-group/tcpdump
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
tcpdump-3.*
tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp
tcpdump-4.*
tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0
tcpdump-4.9.0-bp
tcpdump-4.9.1
tcpdump-4.9.2
tcpdump-4.9.3
Database specific
vanir_signatures
[
{
"id": "CVE-2020-8037-625654ac",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1251.0,
"function_hash": "114072365358220823879709176952693676320"
},
"target": {
"function": "ppp_hdlc",
"file": "print-ppp.c"
},
"signature_type": "Function",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231"
},
{
"id": "CVE-2020-8037-df93f99f",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"75602926860762894768813751569532021359",
"9867738560598064159077092336868710730",
"226286868117138916932261892023417786878",
"312535365908525278831835037643938069206",
"193708830256193212648148804585932547330",
"225582233472056077528484568223799068742",
"87512221018872648189638407990642100373",
"331997209997900974668790162158431339155",
"32254091627956064590784894660703272575",
"275556175249599490980814440375788132190",
"79058067046007865613622272898805451482",
"96770968572884396529904239864250777959",
"15054595184741052885796942294073694432",
"169938687647837023712455514535228888440",
"179516277381903108913256904174120081207",
"188861693945644257165746229702332158795",
"241755533398317547277580406153182923367",
"277299685682914552613762330927893646226",
"43450640239716668424840137206990379970",
"169909079340584079484773553150578196492"
],
"threshold": 0.9
},
"target": {
"file": "print-ppp.c"
},
"signature_type": "Line",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231"
}
]