tcpdump 4.9.0 allows remote attackers to cause a denial...
High severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
Jul 8, 2017
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Feb 2, 2023
tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.
References