The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
{ "vanir_signatures": [ { "id": "CVE-2017-12893-18713554", "signature_type": "Line", "digest": { "line_hashes": [ "89528569757786183979898013357952063915", "95936024836004477637226364277217972178", "256302665990413636940166956872632110133", "59029088198345276848708742558307582191" ], "threshold": 0.9 }, "target": { "file": "smbutil.c" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/6f5ba2b651cd9d4b7fa8ee5c4f94460645877c45" }, { "id": "CVE-2017-12893-219e922b", "signature_type": "Function", "digest": { "function_hash": "254543148971284822015752960748193495829", "length": 472.0 }, "target": { "file": "smbutil.c", "function": "name_len" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/6f5ba2b651cd9d4b7fa8ee5c4f94460645877c45" } ] }