Home

CVE-2018-14879

Description

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

Risk Information

Base Score
7.0
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.52

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.2Mac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.2 Combo UpdateMac
tcpdump security update(DSA-4547-1) tcpdump_4.9.3-1~deb9u1_i386.debLinux
tcpdump security update(DSA-4547-1) tcpdump_4.9.3-1~deb9u1_amd64.debLinux
tcpdump security update(DSA-4547-1) tcpdump_4.9.3-1~deb10u1_amd64.debLinux
command-line network traffic analyzer (USN-4252-1) tcpdump_4.9.3-0ubuntu0.16.04.1_i386.debLinux
command-line network traffic analyzer (USN-4252-1) tcpdump_4.9.3-0ubuntu0.16.04.1_amd64.debLinux
command-line network traffic analyzer (USN-4252-1) tcpdump_4.9.3-0ubuntu0.18.04.1_i386.debLinux
command-line network traffic analyzer (USN-4252-1) tcpdump_4.9.3-0ubuntu0.18.04.1_amd64.debLinux
(RHSA-2020:4760) tcpdump security, bug fix, and enhancement update tcpdump-4.9.3-1.el8.x86_64.rpmLinux
(RHSA-2020:4760) tcpdump security, bug fix, and enhancement update tcpdump-debugsource-4.9.3-1.el8.x86_64.rpmLinux
SUSE-SU-2020:3360-1(SUSE Linux Enterprise Server 12-SP5 ) tcpdump-4.9.2-14.17.1.x86_64.rpmLinux
SUSE-SU-2020:3360-1(SUSE Linux Enterprise Server 12-SP5 ) tcpdump-debuginfo-4.9.2-14.17.1.x86_64.rpmLinux
SUSE-SU-2020:3360-1(SUSE Linux Enterprise Server 12-SP5 ) tcpdump-debugsource-4.9.2-14.17.1.x86_64.rpmLinux
Buffer Copy without Checking Size of Input (Classic Buffer Overflow) Vulnerability (CVE-2018-14879)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234