CVE-2019-1010220 - Vulnerability Details

Vendors	Products
Tcpdump	Tcpdump

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c
https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
https://nvd.nist.gov/vuln/detail/CVE-2019-1010220
https://usn.ubuntu.com/4252-1/
https://usn.ubuntu.com/4252-2/
https://www.cve.org/CVERecord?id=CVE-2019-1010220

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "tcpdump", "vendor": "tcpdump.org", "versions": [{"status": "affected", "version": "4.9.2"}]}], "descriptions": [{"lang": "en", "value": "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-05T03:06:02", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c"}, {"name": "openSUSE-SU-2019:1964", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html"}, {"name": "openSUSE-SU-2019:2344", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"}, {"name": "openSUSE-SU-2019:2348", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"}, {"name": "FEDORA-2019-85d92df70f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"}, {"name": "FEDORA-2019-d06bc63433", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"}, {"name": "FEDORA-2019-6db0d5b9d9", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"}, {"name": "USN-4252-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4252-2/"}, {"name": "USN-4252-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4252-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010220", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tcpdump", "version": {"version_data": [{"version_value": "4.9.2"}]}}]}, "vendor_name": "tcpdump.org"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-126: Buffer Over-read"}]}]}, "references": {"reference_data": [{"name": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c", "refsource": "MISC", "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c"}, {"name": "https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c", "refsource": "MISC", "url": "https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c"}, {"name": "https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c", "refsource": "MISC", "url": "https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c"}, {"name": "openSUSE-SU-2019:1964", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html"}, {"name": "openSUSE-SU-2019:2344", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"}, {"name": "openSUSE-SU-2019:2348", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"}, {"name": "FEDORA-2019-85d92df70f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"}, {"name": "FEDORA-2019-d06bc63433", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"}, {"name": "FEDORA-2019-6db0d5b9d9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"}, {"name": "USN-4252-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4252-2/"}, {"name": "USN-4252-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4252-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.432Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c"}, {"name": "openSUSE-SU-2019:1964", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html"}, {"name": "openSUSE-SU-2019:2344", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"}, {"name": "openSUSE-SU-2019:2348", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"}, {"name": "FEDORA-2019-85d92df70f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"}, {"name": "FEDORA-2019-d06bc63433", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"}, {"name": "FEDORA-2019-6db0d5b9d9", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"}, {"name": "USN-4252-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4252-2/"}, {"name": "USN-4252-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4252-1/"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010220", "datePublished": "2019-07-22T17:30:14", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.432Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : tcpdump (string)

vendor : tcpdump.org (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.9.2 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-126 (string)

description : CWE-126: Buffer Over-read (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-02-05T03:06:02 (string)

orgId : 7556d962-6fb7-411e-85fa-6cd62f095ba8 (string)

shortName : dwf (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c (string)

}

3 : { »

name : openSUSE-SU-2019:1964 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html (string)

}

4 : { »

name : openSUSE-SU-2019:2344 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html (string)

}

5 : { »

name : openSUSE-SU-2019:2348 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html (string)

}

6 : { »

name : FEDORA-2019-85d92df70f (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ (string)

}

7 : { »

name : FEDORA-2019-d06bc63433 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ (string)

}

8 : { »

name : FEDORA-2019-6db0d5b9d9 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ (string)

}

9 : { »

name : USN-4252-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : https://usn.ubuntu.com/4252-2/ (string)

}

10 : { »

name : USN-4252-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : https://usn.ubuntu.com/4252-1/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve-assign@distributedweaknessfiling.org (string)

ID : CVE-2019-1010220 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : tcpdump (string)

version : { »

version_data : [ »

0 : { »

version_value : 4.9.2 (string)

}

]

}

]

}

vendor_name : tcpdump.org (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-126: Buffer Over-read (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c (string)

refsource : MISC (string)

url : https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c (string)

}

1 : { »

name : https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c (string)

refsource : MISC (string)

url : https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c (string)

}

2 : { »

name : https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c (string)

refsource : MISC (string)

url : https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c (string)

}

3 : { »

name : openSUSE-SU-2019:1964 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html (string)

}

4 : { »

name : openSUSE-SU-2019:2344 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html (string)

}

5 : { »

name : openSUSE-SU-2019:2348 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html (string)

}

6 : { »

name : FEDORA-2019-85d92df70f (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ (string)

}

7 : { »

name : FEDORA-2019-d06bc63433 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ (string)

}

8 : { »

name : FEDORA-2019-6db0d5b9d9 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ (string)

}

9 : { »

name : USN-4252-2 (string)

refsource : UBUNTU (string)

url : https://usn.ubuntu.com/4252-2/ (string)

}

10 : { »

name : USN-4252-1 (string)

refsource : UBUNTU (string)

url : https://usn.ubuntu.com/4252-1/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T03:07:18.432Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c (string)

}

3 : { »

name : openSUSE-SU-2019:1964 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html (string)

}

4 : { »

name : openSUSE-SU-2019:2344 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html (string)

}

5 : { »

name : openSUSE-SU-2019:2348 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html (string)

}

6 : { »

name : FEDORA-2019-85d92df70f (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ (string)

}

7 : { »

name : FEDORA-2019-d06bc63433 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ (string)

}

8 : { »

name : FEDORA-2019-6db0d5b9d9 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ (string)

}

9 : { »

name : USN-4252-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : https://usn.ubuntu.com/4252-2/ (string)

}

10 : { »

name : USN-4252-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : https://usn.ubuntu.com/4252-1/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 7556d962-6fb7-411e-85fa-6cd62f095ba8 (string)

assignerShortName : dwf (string)

cveId : CVE-2019-1010220 (string)

datePublished : 2019-07-22T17:30:14 (string)

dateReserved : 2019-03-20T00:00:00 (string)

dateUpdated : 2024-08-05T03:07:18.432Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tcpdump:tcpdump:4.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9FBA366-800E-4163-8E22-A652750C4F28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file."}, {"lang": "es", "value": "tcpdump de tcpdump.org versi\u00f3n 4.9.2 est\u00e1 afectado por: CWE-126: Sobrecarga del B\u00fafer. El impacto es: puede exponer el Puntero Frame Guardado, la Direcci\u00f3n de Retorno, etc. en la pila. El componente es: l\u00ednea 234: \"ND_PRINT((ndo,\"% s\",buf));\", en la funci\u00f3n llamada \"print_prefix\", en el archivo \"print-hncp.c\". El vector de ataque es: La v\u00edctima necesita abrir un archivo pcap especialmente dise\u00f1ado."}], "id": "CVE-2019-1010220", "lastModified": "2024-11-21T04:18:03.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-22T18:15:11.027", "references": [{"source": "josh@bress.net", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html"}, {"source": "josh@bress.net", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"}, {"source": "josh@bress.net", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"}, {"source": "josh@bress.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c"}, {"source": "josh@bress.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c"}, {"source": "josh@bress.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c"}, {"source": "josh@bress.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"}, {"source": "josh@bress.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"}, {"source": "josh@bress.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"}, {"source": "josh@bress.net", "url": "https://usn.ubuntu.com/4252-1/"}, {"source": "josh@bress.net", "url": "https://usn.ubuntu.com/4252-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4252-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4252-2/"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-126"}], "source": "josh@bress.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:tcpdump:tcpdump:4.9.2:*:*:*:*:*:*:* (string)

matchCriteriaId : E9FBA366-800E-4163-8E22-A652750C4F28 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. (string)

}

1 : { »

lang : es (string)

value : tcpdump de tcpdump.org versión 4.9.2 está afectado por: CWE-126: Sobrecarga del Búfer. El impacto es: puede exponer el Puntero Frame Guardado, la Dirección de Retorno, etc. en la pila. El componente es: línea 234: "ND_PRINT((ndo,"% s",buf));", en la función llamada "print_prefix", en el archivo "print-hncp.c". El vector de ataque es: La víctima necesita abrir un archivo pcap especialmente diseñado. (string)

}

]

id : CVE-2019-1010220 (string)

lastModified : 2024-11-21T04:18:03.980 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 3.3 (number)

baseSeverity : LOW (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-07-22T18:15:11.027 (string)

references : [ »

0 : { »

source : josh@bress.net (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html (string)

}

1 : { »

source : josh@bress.net (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html (string)

}

2 : { »

source : josh@bress.net (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html (string)

}

3 : { »

source : josh@bress.net (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c (string)

}

4 : { »

source : josh@bress.net (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c (string)

}

5 : { »

source : josh@bress.net (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c (string)

}

6 : { »

source : josh@bress.net (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ (string)

}

7 : { »

source : josh@bress.net (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ (string)

}

8 : { »

source : josh@bress.net (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ (string)

}

9 : { »

source : josh@bress.net (string)

url : https://usn.ubuntu.com/4252-1/ (string)

}

10 : { »

source : josh@bress.net (string)

url : https://usn.ubuntu.com/4252-2/ (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/blob/master/print-hncp.c (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.2/print-hncp.c (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/the-tcpdump-group/tcpdump/commits/master/print-hncp.c (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://usn.ubuntu.com/4252-1/ (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://usn.ubuntu.com/4252-2/ (string)

}

]

sourceIdentifier : josh@bress.net (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-126 (string)

}

]

source : josh@bress.net (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-125 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "tcpdump: buffer over-read in function print_prefix in print-hncp.c", "id": "1735549", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735549"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file."], "name": "CVE-2019-1010220", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "tcpdump", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "tcpdump", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tcpdump", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "tcpdump", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2019-08-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-1010220\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1010220"], "statement": "This flaw was found to be a duplicate of CVE-2018-19519. Please see https://access.redhat.com/security/cve/CVE-2018-19519 for information about affected products and security errata."}

{

bugzilla : { »

description : tcpdump: buffer over-read in function print_prefix in print-hncp.c (string)

id : 1735549 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1735549 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.4 (string)

cvss3_scoring_vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L (string)

status : draft (string)

}

cwe : CWE-125 (string)

details : [ »

0 : tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. (string)

]

name : CVE-2019-1010220 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : tcpdump (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : tcpdump (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : tcpdump (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : tcpdump (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

]

public_date : 2019-08-01T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2019-1010220 https://nvd.nist.gov/vuln/detail/CVE-2019-1010220 (string)

]

statement : This flaw was found to be a duplicate of CVE-2018-19519. Please see https://access.redhat.com/security/cve/CVE-2018-19519 for information about affected products and security errata. (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object