Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-16300

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Oct, 2019 | 15:52
Updated At-03 Dec, 2025 | 19:45
Rejected At-
Credits

The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Oct, 2019 | 15:52
Updated At:03 Dec, 2025 | 19:45
Rejected At:
â–¼CVE Numbering Authority (CNA)

The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
x_refsource_MISC
https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
mailing-list
x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
vendor-advisory
x_refsource_SUSE
https://seclists.org/bugtraq/2019/Oct/28
mailing-list
x_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4547
vendor-advisory
x_refsource_DEBIAN
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
vendor-advisory
x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
vendor-advisory
x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
vendor-advisory
x_refsource_FEDORA
https://support.apple.com/kb/HT210788
x_refsource_CONFIRM
https://seclists.org/bugtraq/2019/Dec/23
mailing-list
x_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2019/Dec/26
mailing-list
x_refsource_FULLDISC
https://security.netapp.com/advisory/ntap-20200120-0001/
x_refsource_CONFIRM
https://usn.ubuntu.com/4252-2/
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/4252-1/
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
Resource:
x_refsource_MISC
Hyperlink: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
Resource:
x_refsource_CONFIRM
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://seclists.org/bugtraq/2019/Oct/28
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://www.debian.org/security/2019/dsa-4547
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://support.apple.com/kb/HT210788
Resource:
x_refsource_CONFIRM
Hyperlink: https://seclists.org/bugtraq/2019/Dec/23
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://seclists.org/fulldisclosure/2019/Dec/26
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://security.netapp.com/advisory/ntap-20200120-0001/
Resource:
x_refsource_CONFIRM
Hyperlink: https://usn.ubuntu.com/4252-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://usn.ubuntu.com/4252-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
x_refsource_MISC
x_transferred
https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
x_refsource_CONFIRM
x_transferred
https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
mailing-list
x_refsource_MLIST
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://seclists.org/bugtraq/2019/Oct/28
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://www.debian.org/security/2019/dsa-4547
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://support.apple.com/kb/HT210788
x_refsource_CONFIRM
x_transferred
https://seclists.org/bugtraq/2019/Dec/23
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://seclists.org/fulldisclosure/2019/Dec/26
mailing-list
x_refsource_FULLDISC
x_transferred
https://security.netapp.com/advisory/ntap-20200120-0001/
x_refsource_CONFIRM
x_transferred
https://usn.ubuntu.com/4252-2/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/4252-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Oct/28
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://www.debian.org/security/2019/dsa-4547
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://support.apple.com/kb/HT210788
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Dec/23
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2019/Dec/26
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20200120-0001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://usn.ubuntu.com/4252-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://usn.ubuntu.com/4252-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-674CWE-674 Uncontrolled Recursion
Type: CWE
CWE ID: CWE-674
Description: CWE-674 Uncontrolled Recursion
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Oct, 2019 | 16:15
Updated At:03 Dec, 2025 | 20:16

The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
tcpdump & libpcap
tcpdump
>>tcpdump>>Versions before 4.9.3(exclusive)
cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-674Primarynvd@nist.gov
CWE-674Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-674
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-674
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.htmlcve@mitre.org
N/A
http://seclists.org/fulldisclosure/2019/Dec/26cve@mitre.org
N/A
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGEScve@mitre.org
Release Notes
Third Party Advisory
https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294acve@mitre.org
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00015.htmlcve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/cve@mitre.org
N/A
https://seclists.org/bugtraq/2019/Dec/23cve@mitre.org
N/A
https://seclists.org/bugtraq/2019/Oct/28cve@mitre.org
N/A
https://security.netapp.com/advisory/ntap-20200120-0001/cve@mitre.org
N/A
https://support.apple.com/kb/HT210788cve@mitre.org
N/A
https://usn.ubuntu.com/4252-1/cve@mitre.org
N/A
https://usn.ubuntu.com/4252-2/cve@mitre.org
N/A
https://www.debian.org/security/2019/dsa-4547cve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2019/Dec/26af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGESaf854a3a-2127-422b-91ae-364da2661108
Release Notes
Third Party Advisory
https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294aaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00015.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/af854a3a-2127-422b-91ae-364da2661108
N/A
https://seclists.org/bugtraq/2019/Dec/23af854a3a-2127-422b-91ae-364da2661108
N/A
https://seclists.org/bugtraq/2019/Oct/28af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.netapp.com/advisory/ntap-20200120-0001/af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/kb/HT210788af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/4252-1/af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/4252-2/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.debian.org/security/2019/dsa-4547af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2019/Dec/26
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
Source: cve@mitre.org
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Dec/23
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Oct/28
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20200120-0001/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT210788
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4252-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4252-2/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.debian.org/security/2019/dsa-4547
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2019/Dec/26
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Dec/23
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Oct/28
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20200120-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT210788
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4252-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4252-2/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.debian.org/security/2019/dsa-4547
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

180Records found
CVE-2018-16452
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.47%
||
7 Day CHG-0.95%
Published-03 Oct, 2019 | 15:58
Updated-03 Dec, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-15163
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.72% / 82.42%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 18:34
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-libpcapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-11108
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.94% / 83.45%
||
7 Day CHG~0.00%
Published-08 Jul, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16228
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.17% / 84.34%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:46
Updated-03 Dec, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

Action-Not Available
Vendor-n/aApple Inc.Fedora Projecttcpdump & libpcapRed Hat, Inc.Debian GNU/LinuxopenSUSE
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16229
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.97% / 86.52%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:48
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.tcpdump & libpcapFedora ProjectRed Hat, Inc.openSUSEF5, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xtraffix_signaling_delivery_controllertcpdumpleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16227
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.50% / 87.63%
||
7 Day CHG-1.01%
Published-03 Oct, 2019 | 15:44
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Fedora Projecttcpdump & libpcapopenSUSERed Hat, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xleaptcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16451
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.82%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:57
Updated-03 Dec, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/Linuxtcpdump & libpcap
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16230
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.82%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:49
Updated-03 Dec, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/Linuxtcpdump & libpcap
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14467
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.88%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:24
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).

Action-Not Available
Vendor-n/aApple Inc.Fedora Projecttcpdump & libpcapRed Hat, Inc.Debian GNU/LinuxopenSUSE
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14880
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 76.88%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:35
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.tcpdump & libpcapFedora ProjectRed Hat, Inc.openSUSEF5, Inc.
Product-big-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linuxbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systemiworkflowbig-ip_application_security_managertcpdumpbig-ip_edge_gatewaydebian_linuxbig-iq_centralized_managementbig-ip_link_controllerfedoramac_os_xenterprise_managerbig-ip_access_policy_managertraffix_signaling_delivery_controllerbig-ip_advanced_firewall_managerleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14462
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 66.85%
||
7 Day CHG-1.76%
Published-03 Oct, 2019 | 15:11
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().

Action-Not Available
Vendor-n/aApple Inc.Fedora Projecttcpdump & libpcapRed Hat, Inc.Debian GNU/LinuxF5, Inc.openSUSE
Product-tcpdumpenterprise_linuxtraffix_signaling_delivery_controllerleapfedoramac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14464
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.00% / 83.72%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:13
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Fedora Projecttcpdump & libpcapopenSUSERed Hat, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xleaptcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14470
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.00% / 83.72%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:31
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/Linuxtcpdump & libpcap
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14882
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.38% / 85.01%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:41
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/LinuxF5, Inc.tcpdump & libpcap
Product-tcpdumpenterprise_linuxtraffix_signaling_delivery_controllerleapfedoramac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14881
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.52% / 81.28%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:36
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/Linuxtcpdump & libpcap
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14469
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 76.88%
||
7 Day CHG-0.75%
Published-03 Oct, 2019 | 15:29
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.tcpdump & libpcapFedora ProjectRed Hat, Inc.openSUSEF5, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xtraffix_signaling_delivery_controllertcpdumpleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14468
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 71.58%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:27
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/LinuxF5, Inc.tcpdump & libpcap
Product-big-ip_analyticsbig-ip_application_security_managerleapbig-ip_link_controllertraffix_signaling_delivery_controllerbig-ip_local_traffic_managerbig-ip_domain_name_systembig-ip_access_policy_managermac_os_xtcpdumpdebian_linuxiworkflowbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linuxfedoraenterprise_managerbig-ip_global_traffic_managerbig-ip_application_acceleration_managerbig-ip_advanced_firewall_managerbig-ip_webacceleratorbig-iq_centralized_managementbig-ip_edge_gatewayn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14466
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.88%
||
7 Day CHG-1.55%
Published-03 Oct, 2019 | 15:22
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Fedora Projecttcpdump & libpcapopenSUSERed Hat, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xleaptcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14465
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.76% / 82.63%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:15
Updated-17 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectF5, Inc.openSUSERed Hat, Inc.Apple Inc.tcpdump & libpcap
Product-debian_linuxenterprise_linuxtraffix_signaling_delivery_controllerfedoraleapmac_os_xtcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14461
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.40%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:09
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().

Action-Not Available
Vendor-n/aApple Inc.Fedora Projecttcpdump & libpcapRed Hat, Inc.Debian GNU/LinuxopenSUSE
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8037
Matching Score-8
Assigner-Tcpdump Group
ShareView Details
Matching Score-8
Assigner-Tcpdump Group
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.80%
||
7 Day CHG~0.00%
Published-04 Nov, 2020 | 17:55
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ppp decapsulator can be convinced to allocate a large amount of memory

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

Action-Not Available
Vendor-Debian GNU/LinuxApple Inc.Fedora Projecttcpdump & libpcap
Product-debian_linuxfedoramac_os_xmacostcpdumptcpdump
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-8036
Matching Score-8
Assigner-Tcpdump Group
ShareView Details
Matching Score-8
Assigner-Tcpdump Group
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.98%
||
7 Day CHG~0.00%
Published-04 Nov, 2020 | 17:55
Updated-16 Sep, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
str2tokbuf used incorrectly by print-someip.c

The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.

Action-Not Available
Vendor-tcpdump & libpcap
Product-tcpdumptcpdump
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14463
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 70.01%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:12
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.tcpdump & libpcapFedora ProjectRed Hat, Inc.openSUSEF5, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xtraffix_signaling_delivery_controllertcpdumpleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2004-0183
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-30.16% / 96.69%
||
7 Day CHG~0.00%
Published-06 Apr, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2004-0184
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-65.31% / 98.49%
||
7 Day CHG~0.00%
Published-06 Apr, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2017-12989
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 78.46%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length().

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-12997
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.82%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-04 Dec, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print().

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-12995
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 78.24%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-04 Dec, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-12990
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 78.24%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-04 Dec, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-15166
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-1.6||LOW
EPSS-1.02% / 77.25%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 16:01
Updated-03 Dec, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
lmp_print in tcpdump lacks certain boundary checks

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

Action-Not Available
Vendor-n/aApple Inc.NetApp, Inc.Canonical Ltd.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/Linuxtcpdump & libpcap
Product-ubuntu_linuxenterprise_linuxleapfedoracloud_backupmac_os_xhci_management_nodesolidfiretcpdumpdebian_linuxn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2015-2153
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.32% / 93.56%
||
7 Day CHG~0.00%
Published-24 Mar, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2154
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.77% / 82.69%
||
7 Day CHG~0.00%
Published-24 Mar, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3138
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 75.35%
||
7 Day CHG~0.00%
Published-27 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

Action-Not Available
Vendor-n/atcpdump & libpcapopenSUSE
Product-leaptcpdumpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-18936
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.03%
||
7 Day CHG~0.00%
Published-21 Mar, 2020 | 00:08
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error.

Action-Not Available
Vendor-bloqn/a
Product-univaluen/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-18854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 70.32%
||
7 Day CHG~0.00%
Published-11 Nov, 2019 | 14:36
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.

Action-Not Available
Vendor-10upn/a
Product-safe_svgn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-16163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.58%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 15:38
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

Action-Not Available
Vendor-oniguruma_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxonigurumadebian_linuxfedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-11554
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.29%
||
7 Day CHG~0.00%
Published-23 Jul, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

Action-Not Available
Vendor-libsassn/a
Product-libsassn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-11556
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.95%
||
7 Day CHG-0.27%
Published-23 Jul, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.

Action-Not Available
Vendor-libsassn/a
Product-libsassn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-14235
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.51% / 89.16%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 14:34
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

Action-Not Available
Vendor-n/aDjangoopenSUSE
Product-djangoleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-47374
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.46%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:25
Updated-25 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

Action-Not Available
Vendor-Siemens AG
Product-6es7414-3em07-0ab06es7416-3fs07-0ab06ag1414-3em07-7ab06ag1416-3es07-7ab0_firmware6ag1416-3es07-7ab0simatic_pc-station_plus_firmware6es7412-2ek07-0ab0_firmwaresimatic_pc-station_plus6es7416-3es07-0ab0_firmware6es7416-3fs07-0ab0_firmware6es7416-3es07-0ab06es7412-2ek07-0ab06es7414-3fm07-0ab0_firmware6es7414-3fm07-0ab0sinamics_s120sinamics_s120_firmware6es7414-3em07-0ab0_firmware6ag1414-3em07-7ab0_firmwareSIMATIC S7-400 CPU 416F-3 PN/DP V7SIMATIC S7-400 CPU 416-3 PN/DP V7SIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC S7-400 CPU 414-3 PN/DP V7SIMATIC S7-400 CPU 414F-3 PN/DP V7SIPLUS S7-400 CPU 416-3 PN/DP V7SIMATIC S7-400 CPU 412-2 PN V7SINAMICS S120 (incl. SIPLUS variants)SIMATIC PC-Station Plus
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-13124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 9.22%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 19:29
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-windowsfoxit_readern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-13123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 9.22%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 19:18
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2).

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-windowsfoxit_readern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-12212
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.88%
||
7 Day CHG~0.00%
Published-20 May, 2019 | 15:05
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.

Action-Not Available
Vendor-freeimage_projectn/a
Product-freeimagen/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2016-9597
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.25% / 79.36%
||
7 Day CHG~0.00%
Published-30 Jul, 2018 | 14:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

Action-Not Available
Vendor-Canonical Ltd.HP Inc.libxml2 (XMLSoft)Debian GNU/LinuxopenSUSERed Hat, Inc.
Product-ubuntu_linuxdebian_linuxlibxml2icewall_file_managericewall_federation_agentleaplibxml2
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-12295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 80.44%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 11:56
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

Action-Not Available
Vendor-n/aCanonical Ltd.Wireshark FoundationF5, Inc.Debian GNU/Linux
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_local_traffic_managerbig-ip_domain_name_systemwiresharkbig-ip_application_security_managerbig-ip_edge_gatewaydebian_linuxbig-ip_link_controllerbig-ip_access_policy_managerbig-ip_advanced_firewall_managern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-11937
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.64% / 70.65%
||
7 Day CHG~0.00%
Published-04 Dec, 2019 | 16:00
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service.

Action-Not Available
Vendor-Facebook
Product-mcrouterMcrouter
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-46405
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.42%
||
7 Day CHG~0.00%
Published-04 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.

Action-Not Available
Vendor-joinmastodonn/a
Product-mastodonn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-0001
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.63% / 70.26%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 21:00
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd).

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.Fedora Project
Product-junosfedoraJunos OS
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-41966
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-2.38% / 85.00%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 23:07
Updated-23 May, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XStream Denial of Service via stack overflow

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.

Action-Not Available
Vendor-xstreamx-stream
Product-xstreamxstream
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-41881
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.

Action-Not Available
Vendor-Debian GNU/LinuxThe Netty Project
Product-nettydebian_linuxnetty
CWE ID-CWE-674
Uncontrolled Recursion
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found