tcpdump up to 4.9.2 FRF.16 Parser print-fr.c mfr_print() memory corruption
| CVSS Meta Temp Score | Current Exploit Price (β) |
|---|---|
| 4.9 | $0-$5k |
A vulnerability classified as critical has been found in tcpdump up to 4.9.2 (Packet Analyzer Software). Affected is the function mfr_print() of the file print-fr.c of the component FRF.16 Parser. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was disclosed 10/03/2019 (GitHub Repository). The advisory is available at github.com. This vulnerability is traded as CVE-2018-14468 since 07/20/2018. Technical details are known, but there is no available exploit.
Upgrading to version 4.9.3 eliminates this vulnerability.
The entries 142906, 142905, 142904 and 142903 are pretty similar.
Type
Name
VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 4.9
VulDB Base Score: β5.5
VulDB Temp Score: β4.9
VulDB Vector: π
VulDB Reliability: π
VulDB Base Score: π
VulDB Temp Score: π
VulDB Reliability: π
Class: Memory corruption (CWE-119)
Local: Yes
Remote: No
Availability: π
Status: Not defined
Price Prediction: π
Current Price Estimation: π
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: π
Adversaries: π
Geopolitics: π
Economy: π
Predictions: π
Remediation: πRecommended: Upgrade
Status: π
0-Day Time: π
Upgrade: tcpdump 4.9.3
07/20/2018 CVE assigned
10/03/2019 Advisory disclosed
10/04/2019 VulDB entry created
10/04/2019 VulDB last updateProduct: tcpdump.org
Advisory: github.com
Status: Unconfirmed
CVE: CVE-2018-14468 (π)
See also: π
Created: 10/04/2019 08:50 AM
Complete: π
Enable the mail alert feature now!
https://vuldb.com/?id.142902
Gloss