The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgpattrprint().
{ "vanir_signatures": [ { "id": "CVE-2017-12994-0b41bee4", "target": { "file": "print-bgp.c" }, "source": "https://github.com/the-tcpdump-group/tcpdump/commit/ffde45acf3348f8353fb4064a1b21683ee6b5ddf", "signature_type": "Line", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "313191957741971774421504694191871027640", "267615560364377484524252928622038439518", "212667379143549392551083605770662126567", "227365958885227332852040688816193788587", "261152624748888553396851265688605312287", "54754817726796326499538374459870954913", "185905421235364958768343898015458827377", "52581109373825755054616980464746702185", "129222627061189662653625585052642847041", "79007374208822584897870950943031292514", "53602028973024336283364586113244307189", "102244717528913368066458007744475966514", "287142438634232311865342146343827886518", "204678127239060167599927614621267400643", "162563898993486083490210580807789364759", "306554102584345379991440203318059398648", "84004623387789374372360772735980295141", "326851347394893224217347944887119782802", "307456515336103805084991881959052357304", "113276616831908439921409403704173103687", "162262200904387414453142349154380075577" ], "threshold": 0.9 } }, { "id": "CVE-2017-12994-233b38bc", "target": { "file": "print-bgp.c", "function": "bgp_attr_print" }, "source": "https://github.com/the-tcpdump-group/tcpdump/commit/ffde45acf3348f8353fb4064a1b21683ee6b5ddf", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "51946740659389498614150489045131851309", "length": 25636.0 } } ] }