Base Score

HIGH7.5

CVE-2018-16229

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

VectorNETWORK

Published Bycve@mitre.org

Published DateOct 03, 2019, 16:15

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
http://seclists.org/fulldisclosure/2019/Dec/26
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66
https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
https://seclists.org/bugtraq/2019/Dec/23
https://seclists.org/bugtraq/2019/Oct/28
https://security.netapp.com/advisory/ntap-20200120-0001/
https://support.apple.com/kb/HT210788
https://usn.ubuntu.com/4252-1/
https://usn.ubuntu.com/4252-2/
https://www.debian.org/security/2019/dsa-4547

Base Score

HIGH7.5

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH