CVE-2017-12894
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-12894
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12894.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-12894
- Downstream
- Related
- Published
- 2017-09-14T06:29:00Z
- Modified
- 2025-09-16T06:39:49.984716Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().
- References
-
- http://www.debian.org/security/2017/dsa-3971
- http://www.tcpdump.org/tcpdump-changes.txt
- https://access.redhat.com/errata/RHEA-2018:0705
- https://github.com/the-tcpdump-group/tcpdump/commit/730fc35968c5433b9e2a829779057f4f9495dc51
- https://security.gentoo.org/glsa/201709-23
- http://www.securitytracker.com/id/1039307
- https://support.apple.com/HT208221
Affected packages
Debian:11 / tcpdump
Package
- Name
- tcpdump
- Purl
- pkg:deb/debian/tcpdump?arch=source
Debian:12 / tcpdump
Package
- Name
- tcpdump
- Purl
- pkg:deb/debian/tcpdump?arch=source
Debian:13 / tcpdump
Package
- Name
- tcpdump
- Purl
- pkg:deb/debian/tcpdump?arch=source
Debian:14 / tcpdump
Package
- Name
- tcpdump
- Purl
- pkg:deb/debian/tcpdump?arch=source
Git / github.com/the-tcpdump-group/tcpdump
Affected ranges
- Type
- GIT
- Repo
- https://github.com/the-tcpdump-group/tcpdump
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
tcpdump-3.*
tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp
tcpdump-4.*
tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0-bp
Database specific
{
"vanir_signatures": [
{
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/730fc35968c5433b9e2a829779057f4f9495dc51",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"281784477677455406923150218731585651214",
"311811370604765515654499956781771900243",
"50850793677039943897190965101574176696",
"301876310245077321843781179798259765271",
"276742655847125199040468120488841561305",
"262030413763699989946594438185770633354",
"101343344584192171781943073610212380914",
"81349651285070282057604403265985948389",
"175337254736723737217655229331797582622",
"31880576409697549409673242740208282692",
"261599639248819191398222309280914671348",
"272625274690514023496372316020325894724",
"3015044670325161445800493607049187804",
"176981949402889967252885707375755493951",
"206067957033511294040477843950099859245",
"330202018619638956731955187377021368712",
"30624787983582107830985006261839378101",
"221013080013019016481426922253267708025",
"316400878203465580233489885445633429186",
"173008129391784979185176396542270430245",
"63533705919077689067497058961222844225",
"261839471957827371232980186286256219824",
"185108926796913632051455259746505362631",
"238063320959853040450121267006763289342",
"88599892737670906416653031719210579709",
"293939756487546549124064419803023839910",
"62402831849661308115702083065105286986",
"214392843737754207267223111835894735541",
"50766520481427452354145385280045790201",
"150844433836452097124659204053236898493",
"70052494504250019774661632376946760294",
"334099470022240190218484014088214826559",
"140647409399162987181202339439401795245",
"205199153810930208126551915420899363694",
"290386015081198973160066645626496274374",
"121900758226764069039255693276020628460",
"277980868824365205262905223452443967303",
"14565377169342513818241721252197509962",
"277462078897525601005489247890209508779",
"270877601855454070299299237271916898674",
"25322439242635023977602741313962421419",
"118788379158648304852626795734065418624",
"213998744295043370249370052778775571449",
"56432573314593153177206699557346646049",
"40818768192215126970738468547876320931",
"82033476988207320874397525730564512731",
"5559339433305474494259281370110079356",
"326062179993215368587260570200247965661",
"297816345990093471553154173906305385513",
"207463717983792760998647374784157562162",
"127804718064219449927274958437649770185",
"166406254706450596383831878612268098345",
"55957487567121997149831447039761793449",
"46811256344675858112762343998216123073",
"272849245688597678757347760696546613262",
"103544574201020883309493306773740850544",
"225172648385739415218029603352951848828",
"289841303648846822508670380716854311096",
"120788746026739945033815071185149765046",
"9267359922622603605117067716157506490",
"228404474203928767720139966204614133362",
"214604194884521974218399708506639800316",
"295298981032121868599938280621420778586",
"317632810868459383923913100351167112645",
"65848991307888023061229873364179040125",
"318859698566230645473625733707217408021"
],
"threshold": 0.9
},
"id": "CVE-2017-12894-55dbd9eb",
"signature_type": "Line",
"target": {
"file": "addrtoname.c"
}
},
{
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/730fc35968c5433b9e2a829779057f4f9495dc51",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "302291024405511256205866333574365061448",
"length": 904.0
},
"id": "CVE-2017-12894-6fe8cf14",
"signature_type": "Function",
"target": {
"file": "addrtoname.c",
"function": "linkaddr_string"
}
},
{
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/730fc35968c5433b9e2a829779057f4f9495dc51",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "38726243804220811492266718436633786785",
"length": 1189.0
},
"id": "CVE-2017-12894-7edbc3d9",
"signature_type": "Function",
"target": {
"file": "addrtoname.c",
"function": "lookup_bytestring"
}
},
{
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/730fc35968c5433b9e2a829779057f4f9495dc51",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "251084258938269687238183385414260887471",
"length": 629.0
},
"id": "CVE-2017-12894-c7f0667b",
"signature_type": "Function",
"target": {
"file": "addrtoname.c",
"function": "le64addr_string"
}
}
]
}