CVE-2018-14468 (NVD)

2019-10-03

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

Products Mac_os_x, Debian_linux, Big-Ip_access_policy_manager, Big-Ip_advanced_firewall_manager, Big-Ip_analytics, Big-Ip_application_acceleration_manager, Big-Ip_application_security_manager, Big-Ip_domain_name_system, Big-Ip_edge_gateway, Big-Ip_fraud_protection_service, Big-Ip_global_traffic_manager, Big-Ip_link_controller, Big-Ip_local_traffic_manager, Big-Ip_policy_enforcement_manager, Big-Ip_webaccelerator, Big-Iq_centralized_management, Enterprise_manager, Iworkflow, Traffix_signaling_delivery_controller, Fedora, Leap, Enterprise_linux, Tcpdump
Type Out-of-bounds Read (CWE-125)
First patch - None (likely due to unavailable code)
Patches https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b
Links https://seclists.org/bugtraq/2019/Dec/23
https://www.debian.org/security/2019/dsa-4547
https://usn.ubuntu.com/4252-2/
https://support.f5.com/csp/article/K04367730?utm_source=f5support&amp%3Butm_medium=RSS
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html