Home

CVE-2018-16300

Description

The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.28

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.2Mac
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.2 Combo UpdateMac
tcpdump security update(DSA-4547-1) tcpdump_4.9.3-1~deb9u1_i386.debLinux
tcpdump security update(DSA-4547-1) tcpdump_4.9.3-1~deb9u1_amd64.debLinux
tcpdump security update(DSA-4547-1) tcpdump_4.9.3-1~deb10u1_amd64.debLinux
command-line network traffic analyzer (USN-4252-1) tcpdump_4.9.3-0ubuntu0.16.04.1_i386.debLinux
command-line network traffic analyzer (USN-4252-1) tcpdump_4.9.3-0ubuntu0.16.04.1_amd64.debLinux
command-line network traffic analyzer (USN-4252-1) tcpdump_4.9.3-0ubuntu0.18.04.1_i386.debLinux
command-line network traffic analyzer (USN-4252-1) tcpdump_4.9.3-0ubuntu0.18.04.1_amd64.debLinux
(RHSA-2020:4760) tcpdump security, bug fix, and enhancement update tcpdump-4.9.3-1.el8.x86_64.rpmLinux
(RHSA-2020:4760) tcpdump security, bug fix, and enhancement update tcpdump-debugsource-4.9.3-1.el8.x86_64.rpmLinux
SUSE-SU-2020:3360-1(SUSE Linux Enterprise Server 12-SP5 ) tcpdump-4.9.2-14.17.1.x86_64.rpmLinux
SUSE-SU-2020:3360-1(SUSE Linux Enterprise Server 12-SP5 ) tcpdump-debuginfo-4.9.2-14.17.1.x86_64.rpmLinux
SUSE-SU-2020:3360-1(SUSE Linux Enterprise Server 12-SP5 ) tcpdump-debugsource-4.9.2-14.17.1.x86_64.rpmLinux
Uncontrolled Recursion Vulnerability (CVE-2018-16300)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234