CVE-2017-12898

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().

References

http://www.debian.org/security/2017/dsa-3971

http://www.securitytracker.com/id/1039307

http://www.tcpdump.org/tcpdump-changes.txt

https://access.redhat.com/errata/RHEA-2018:0705

https://github.com/the-tcpdump-group/tcpdump/commit/19d25dd8781620cd41bf178a5e2e27fc1cf242d0

https://security.gentoo.org/glsa/201709-23

https://support.apple.com/HT208221

Details

Source: MITRE

Published: 2017-09-14

Updated: 2019-10-03

Type: CWE-125

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:* versions up to 4.9.1 (inclusive)

Tenable Plugins

View all (21 total)

IDNameProductFamilySeverity
150563SUSE SLES11 Security Update : tcpdump (SUSE-SU-2019:14191-1)NessusSuSE Local Security Checks
critical
127275NewStart CGSL CORE 5.04 / MAIN 5.04 : tcpdump Multiple Vulnerabilities (NS-SA-2019-0071)NessusNewStart CGSL Local Security Checks
critical
700512macOS 10.13.x < 10.13.1 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
121732Photon OS 1.0: Tcpdump PHSA-2017-0034NessusPhotonOS Local Security Checks
critical
111883Photon OS 1.0: Ruby / Tcpdump PHSA-2017-0034 (deprecated)NessusPhotonOS Local Security Checks
critical
104379macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)NessusMacOS X Local Security Checks
critical
104378macOS 10.13.x < 10.13.1 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
104239openSUSE Security Update : tcpdump (openSUSE-2017-1205)NessusSuSE Local Security Checks
critical
104208SUSE SLED12 / SLES12 Security Update : tcpdump (SUSE-SU-2017:2854-1)NessusSuSE Local Security Checks
critical
103484FreeBSD : tcpdump -- multiple vulnerabilities (eb03d642-6724-472d-b038-f2bf074e1fc8)NessusFreeBSD Local Security Checks
critical
103462GLSA-201709-23 : Tcpdump: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
103257Debian DLA-1097-1 : tcpdump security updateNessusDebian Local Security Checks
critical
103218Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : tcpdump vulnerabilities (USN-3415-1)NessusUbuntu Local Security Checks
critical
103148Debian DSA-3971-1 : tcpdump - security updateNessusDebian Local Security Checks
critical
103091Slackware 13.37 / 14.0 / 14.1 / 14.2 / current : tcpdump (SSA:2017-251-03)NessusSlackware Local Security Checks
critical
100472AIX 5.3 TL 12 : tcpdump (IV94729)NessusAIX Local Security Checks
critical
100471AIX 6.1 TL 9 : tcpdump (IV94728)NessusAIX Local Security Checks
critical
100470AIX 7.1 TL 3 : tcpdump (IV94727)NessusAIX Local Security Checks
critical
100469AIX 7.1 TL 4 : tcpdump (IV94726)NessusAIX Local Security Checks
critical
100468AIX 7.2 TL 0 : tcpdump (IV94724)NessusAIX Local Security Checks
critical
100467AIX 7.2 TL 1 : tcpdump (IV94723)NessusAIX Local Security Checks
critical