Vulnerability CVE-2018-16300: Information

Description

The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-16300

Published: Oct. 3, 2019

Modified: Nov. 7, 2023

Error type identifier: CWE-674

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
tcpdump	sisyphus	4.9.3-alt1	4.99.4-alt1	ALT-PU-2019-3120-1	239373	Fixed
tcpdump	p10	4.9.3-alt1	4.9.3-alt2	ALT-PU-2019-3120-1	239373	Fixed
tcpdump	p9	4.9.3-alt2	4.9.3-alt2	ALT-PU-2020-3563-1	263886	Fixed
tcpdump	c10f1	4.9.3-alt1	4.9.3-alt2	ALT-PU-2019-3120-1	239373	Fixed
tcpdump	c9f2	4.9.3-alt2	4.9.3-alt2	ALT-PU-2021-1433-1	267221	Fixed

Hyperlink	Resource
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES	Release Notes Third Party Advisory
https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a	Patch Third Party Advisory
[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update
openSUSE-SU-2019:2348
openSUSE-SU-2019:2344
20191021 [SECURITY] [DSA 4547-1] tcpdump security update
DSA-4547
https://support.apple.com/kb/HT210788
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
https://security.netapp.com/advisory/ntap-20200120-0001/
USN-4252-2
USN-4252-1
FEDORA-2019-85d92df70f
FEDORA-2019-d06bc63433
FEDORA-2019-6db0d5b9d9

Affected configurations:
1. Configuration 1
  cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*
  End excliding
  4.9.3

Version: v24.4.2