The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmprfc3948print().
[ { "signature_type": "Function", "id": "CVE-2017-12896-55274087", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/f76e7feb41a4327d2b0978449bbdafe98d4a3771", "signature_version": "v1", "target": { "function": "isakmp_rfc3948_print", "file": "print-isakmp.c" }, "digest": { "function_hash": "235700187824518271551597626464413906066", "length": 771.0 }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2017-12896-df6808a2", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/f76e7feb41a4327d2b0978449bbdafe98d4a3771", "signature_version": "v1", "target": { "file": "print-isakmp.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "92476039214299902913464049845602499755", "127476701255543416211591624465891517165", "77254627758977974949835247697373969547", "176839869703757769384565147195255420664", "151147998512336889841084261265686820891", "82334409732181199188306388935128945223", "249149048780038985767469673771466557067" ] }, "deprecated": false } ]