CVE-2017-12894

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-12894

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12894.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-12894

Downstream

DEBIAN-CVE-2017-12894

DLA-1097-1

DSA-3971-1

RHEA-2018:0705

SUSE-SU-2017:2854-1

SUSE-SU-2019:14191-1

UBUNTU-CVE-2017-12894

USN-3415-1

openSUSE-SU-2024:11425-1

Related

Published

2017-09-14T06:29:00Z

Modified

2025-09-16T06:39:49.984716Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().

References

Affected packages

Debian:11 / tcpdump

Package

Name: tcpdump
Purl: pkg:deb/debian/tcpdump?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tcpdump

Package

Name: tcpdump
Purl: pkg:deb/debian/tcpdump?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tcpdump

Package

Name: tcpdump
Purl: pkg:deb/debian/tcpdump?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / tcpdump

Package

Name: tcpdump
Purl: pkg:deb/debian/tcpdump?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/the-tcpdump-group/tcpdump

Affected ranges

Type: GIT
Repo: https://github.com/the-tcpdump-group/tcpdump
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

730fc35968c5433b9e2a829779057f4f9495dc51

Affected versions

tcpdump-3.*

tcpdump-3.5.1

tcpdump-3.6.1

tcpdump-3.7.1

tcpdump-3.8-bp

tcpdump-4.*

tcpdump-4.5.0

tcpdump-4.6.0

tcpdump-4.6.0-bp

tcpdump-4.7.0-bp

tcpdump-4.9.0-bp

Database specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "281784477677455406923150218731585651214",
                    "311811370604765515654499956781771900243",
                    "50850793677039943897190965101574176696",
                    "301876310245077321843781179798259765271",
                    "276742655847125199040468120488841561305",
                    "262030413763699989946594438185770633354",
                    "101343344584192171781943073610212380914",
                    "81349651285070282057604403265985948389",
                    "175337254736723737217655229331797582622",
                    "31880576409697549409673242740208282692",
                    "261599639248819191398222309280914671348",
                    "272625274690514023496372316020325894724",
                    "3015044670325161445800493607049187804",
                    "176981949402889967252885707375755493951",
                    "206067957033511294040477843950099859245",
                    "330202018619638956731955187377021368712",
                    "30624787983582107830985006261839378101",
                    "221013080013019016481426922253267708025",
                    "316400878203465580233489885445633429186",
                    "173008129391784979185176396542270430245",
                    "63533705919077689067497058961222844225",
                    "261839471957827371232980186286256219824",
                    "185108926796913632051455259746505362631",
                    "238063320959853040450121267006763289342",
                    "88599892737670906416653031719210579709",
                    "293939756487546549124064419803023839910",
                    "62402831849661308115702083065105286986",
                    "214392843737754207267223111835894735541",
                    "50766520481427452354145385280045790201",
                    "150844433836452097124659204053236898493",
                    "70052494504250019774661632376946760294",
                    "334099470022240190218484014088214826559",
                    "140647409399162987181202339439401795245",
                    "205199153810930208126551915420899363694",
                    "290386015081198973160066645626496274374",
                    "121900758226764069039255693276020628460",
                    "277980868824365205262905223452443967303",
                    "14565377169342513818241721252197509962",
                    "277462078897525601005489247890209508779",
                    "270877601855454070299299237271916898674",
                    "25322439242635023977602741313962421419",
                    "118788379158648304852626795734065418624",
                    "213998744295043370249370052778775571449",
                    "56432573314593153177206699557346646049",
                    "40818768192215126970738468547876320931",
                    "82033476988207320874397525730564512731",
                    "5559339433305474494259281370110079356",
                    "326062179993215368587260570200247965661",
                    "297816345990093471553154173906305385513",
                    "207463717983792760998647374784157562162",
                    "127804718064219449927274958437649770185",
                    "166406254706450596383831878612268098345",
                    "55957487567121997149831447039761793449",
                    "46811256344675858112762343998216123073",
                    "272849245688597678757347760696546613262",
                    "103544574201020883309493306773740850544",
                    "225172648385739415218029603352951848828",
                    "289841303648846822508670380716854311096",
                    "120788746026739945033815071185149765046",
                    "9267359922622603605117067716157506490",
                    "228404474203928767720139966204614133362",
                    "214604194884521974218399708506639800316",
                    "295298981032121868599938280621420778586",
                    "317632810868459383923913100351167112645",
                    "65848991307888023061229873364179040125",
                    "318859698566230645473625733707217408021"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/the-tcpdump-group/tcpdump/commit/730fc35968c5433b9e2a829779057f4f9495dc51",
            "id": "CVE-2017-12894-55dbd9eb",
            "target": {
                "file": "addrtoname.c"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 904.0,
                "function_hash": "302291024405511256205866333574365061448"
            },
            "signature_version": "v1",
            "source": "https://github.com/the-tcpdump-group/tcpdump/commit/730fc35968c5433b9e2a829779057f4f9495dc51",
            "id": "CVE-2017-12894-6fe8cf14",
            "target": {
                "file": "addrtoname.c",
                "function": "linkaddr_string"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 1189.0,
                "function_hash": "38726243804220811492266718436633786785"
            },
            "signature_version": "v1",
            "source": "https://github.com/the-tcpdump-group/tcpdump/commit/730fc35968c5433b9e2a829779057f4f9495dc51",
            "id": "CVE-2017-12894-7edbc3d9",
            "target": {
                "file": "addrtoname.c",
                "function": "lookup_bytestring"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 629.0,
                "function_hash": "251084258938269687238183385414260887471"
            },
            "signature_version": "v1",
            "source": "https://github.com/the-tcpdump-group/tcpdump/commit/730fc35968c5433b9e2a829779057f4f9495dc51",
            "id": "CVE-2017-12894-c7f0667b",
            "target": {
                "file": "addrtoname.c",
                "function": "le64addr_string"
            },
            "deprecated": false
        }
    ]
}