The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:respgetlength().
{ "vanir_signatures": [ { "signature_type": "Function", "digest": { "length": 1100.0, "function_hash": "30213188128045865996434311905792311393" }, "signature_version": "v1", "id": "CVE-2017-12989-1693c416", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/db24063b01cba8e9d4d88b7d8ac70c9000c104e4", "target": { "function": "resp_get_length", "file": "print-resp.c" }, "deprecated": false }, { "signature_type": "Line", "digest": { "line_hashes": [ "270123972413083657748358738700393448388", "37870302601684189550496542801300088901", "75311662017170946691113656427736476002", "175047773551233991976300235816667190652", "293556463407149710660943371351860404334", "42177703494192527614178960912310960179", "30949159115991865821261509636263298812", "189330083716306233597207702542882810441", "306518776654786034299409832718731218777", "205641115085539915120381321415755694719", "131946393620083988488458600713393940013", "198502229368435872520459884236642700100", "142295050444282080297439677107370589563", "124381757479606411790997780701017355854", "104802786397883859612204863547227697067", "265692465881915239159692785468362558531", "114117851532544277136293363557262332867", "252786605969710954509985381689767026064", "259600052433133684968408251557003925215", "94796079410514839788236896171255600921", "44766025262958209703149997274373294963", "242867752232045612387595242538255877783" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2017-12989-a104828f", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/db24063b01cba8e9d4d88b7d8ac70c9000c104e4", "target": { "file": "print-resp.c" }, "deprecated": false } ] }