CVE-2018-14879 (NVD)

2019-10-03

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

Products Mac_os_x, Debian_linux, Traffix_signaling_delivery_controller, Fedora, Leap, Enterprise_linux, Tcpdump
Type Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
First patch - None (likely due to unavailable code)
Patches https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
Links https://support.apple.com/kb/HT210788
http://seclists.org/fulldisclosure/2019/Dec/26
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
https://security.netapp.com/advisory/ntap-20200120-0001/
https://seclists.org/bugtraq/2019/Oct/28