CVE-2023-1801

medium

Description

The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.

References

https://support.apple.com/kb/HT213845

https://support.apple.com/kb/HT213844

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLLZCG23MU6O4QOG2CX3DLEL3YXP6LAI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/WYL5DEVHRJYF2CM5LTCZKEYFYDZAIZSN/

https://lists.fedoraproject.org/archives/list/[email protected]/message/KOA2BJFERAC3VRQIRHJOWN4HZY4ZA7CH/

https://github.com/the-tcpdump-group/tcpdump/commit/7578e1c04ee280dda50c4c2813e7d55f539c6501

https://github.com/the-tcpdump-group/tcpdump/commit/03c037bbd75588beba3ee09f26d17783d21e30bc

Details

Source: Mitre, NVD

Published: 2023-04-07

Updated: 2023-12-23

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00092