The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgpattrprint().
{ "vanir_signatures": [ { "digest": { "function_hash": "295029212132483183672697495560089077830", "length": 25611.0 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7", "signature_type": "Function", "id": "CVE-2017-12991-b7f23f44", "target": { "function": "bgp_attr_print", "file": "print-bgp.c" } }, { "digest": { "line_hashes": [ "245773694374329174082484162818803088766", "154274373918990530425658208715935972111", "304340865847970542887382131320071485886", "193321284312544786882466386329179784354" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7", "signature_type": "Line", "id": "CVE-2017-12991-f7d24c74", "target": { "file": "print-bgp.c" } } ] }