CVE-2020-8037

Source
https://cve.org/CVERecord?id=CVE-2020-8037
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8037.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8037
Downstream
Related
Published
2020-11-04T18:15:20.843Z
Modified
2026-07-08T20:29:40.186050Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "10.14.6"
                },
                {
                    "introduced": "10.15"
                },
                {
                    "fixed": "10.15.7"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "apple:mac_os_x",
            "cpes": [
                "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "11.0"
                },
                {
                    "fixed": "11.3"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "apple:macos",
            "cpes": [
                "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "10.14.6-NA"
                },
                {
                    "last_affected": "10.14.6-NA"
                },
                {
                    "introduced": "10.14.6-security_update_2019\\-001"
                },
                {
                    "last_affected": "10.14.6-security_update_2019\\-001"
                },
                {
                    "introduced": "10.14.6-security_update_2019\\-002"
                },
                {
                    "last_affected": "10.14.6-security_update_2019\\-002"
                },
                {
                    "introduced": "10.14.6-security_update_2020\\-001"
                },
                {
                    "last_affected": "10.14.6-security_update_2020\\-001"
                },
                {
                    "introduced": "10.14.6-security_update_2020\\-002"
                },
                {
                    "last_affected": "10.14.6-security_update_2020\\-002"
                },
                {
                    "introduced": "10.14.6-security_update_2020\\-003"
                },
                {
                    "last_affected": "10.14.6-security_update_2020\\-003"
                },
                {
                    "introduced": "10.14.6-security_update_2020\\-004"
                },
                {
                    "last_affected": "10.14.6-security_update_2020\\-004"
                },
                {
                    "introduced": "10.14.6-security_update_2020\\-005"
                },
                {
                    "last_affected": "10.14.6-security_update_2020\\-005"
                },
                {
                    "introduced": "10.14.6-security_update_2020\\-006"
                },
                {
                    "last_affected": "10.14.6-security_update_2020\\-006"
                },
                {
                    "introduced": "10.14.6-security_update_2020\\-007"
                },
                {
                    "last_affected": "10.14.6-security_update_2020\\-007"
                },
                {
                    "introduced": "10.14.6-security_update_2021\\-001"
                },
                {
                    "last_affected": "10.14.6-security_update_2021\\-001"
                },
                {
                    "introduced": "10.15.7-NA"
                },
                {
                    "last_affected": "10.15.7-NA"
                },
                {
                    "introduced": "10.15.7-security_update_2020\\-001"
                },
                {
                    "last_affected": "10.15.7-security_update_2020\\-001"
                },
                {
                    "introduced": "10.15.7-security_update_2021\\-001"
                },
                {
                    "last_affected": "10.15.7-security_update_2021\\-001"
                },
                {
                    "introduced": "10.15.7-supplemental_update"
                },
                {
                    "last_affected": "10.15.7-supplemental_update"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "apple:mac_os_x",
            "cpes": [
                "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "9.0"
                },
                {
                    "last_affected": "9.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "debian:debian_linux",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "32"
                },
                {
                    "last_affected": "32"
                },
                {
                    "introduced": "33"
                },
                {
                    "last_affected": "33"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "fedoraproject:fedora",
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / github.com/the-tcpdump-group/tcpdump

Affected ranges

Type
GIT
Repo
https://github.com/the-tcpdump-group/tcpdump
Events
Database specific
{
    "cpe": "cpe:2.3:a:tcpdump:tcpdump:4.9.3:*:*:*:*:*:*:*",
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "4.9.3"
        },
        {
            "last_affected": "4.9.3"
        }
    ]
}

Affected versions

4.*
4.9.3
tcpdump-4.*
tcpdump-4.9.3

Database specific

vanir_signatures_modified
"2026-07-08T20:29:40Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8037.json"
vanir_signatures
[
    {
        "target": {
            "file": "print-ppp.c",
            "function": "ppp_hdlc"
        },
        "deprecated": false,
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231",
        "digest": {
            "function_hash": "114072365358220823879709176952693676320",
            "length": 1251.0
        },
        "id": "CVE-2020-8037-625654ac",
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "print-ppp.c"
        },
        "deprecated": false,
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "75602926860762894768813751569532021359",
                "9867738560598064159077092336868710730",
                "226286868117138916932261892023417786878",
                "312535365908525278831835037643938069206",
                "193708830256193212648148804585932547330",
                "225582233472056077528484568223799068742",
                "87512221018872648189638407990642100373",
                "331997209997900974668790162158431339155",
                "32254091627956064590784894660703272575",
                "275556175249599490980814440375788132190",
                "79058067046007865613622272898805451482",
                "96770968572884396529904239864250777959",
                "15054595184741052885796942294073694432",
                "169938687647837023712455514535228888440",
                "179516277381903108913256904174120081207",
                "188861693945644257165746229702332158795",
                "241755533398317547277580406153182923367",
                "277299685682914552613762330927893646226",
                "43450640239716668424840137206990379970",
                "169909079340584079484773553150578196492"
            ]
        },
        "id": "CVE-2020-8037-df93f99f",
        "signature_type": "Line",
        "signature_version": "v1"
    }
]