Tcpdump CVE-2018-19519 Stack Based Buffer Overflow Vulnerability

Tcpdump is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial-of-service condition; this can result in the attacker gaining complete control of the affected system.
Tcpdump version 4.9.2 is vulnerable.


Bugtraq ID: 106098
Class: Boundary Condition Error
CVE: CVE-2018-19519

Remote: Yes
Local: No
Published: Dec 03 2018 12:00AM
Updated: Dec 03 2018 12:00AM
Credit: Sam Fowler
Vulnerable: tcpdump tcpdump 4.9.2
Redhat Enterprise Linux 7

Not Vulnerable:


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Related Posts