The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().
{ "vanir_signatures": [ { "source": "https://github.com/the-tcpdump-group/tcpdump/commit/ca336198e8bebccc18502de27672fdbd6eb34856", "deprecated": false, "signature_type": "Function", "signature_version": "v1", "target": { "function": "pktap_if_print", "file": "print-pktap.c" }, "digest": { "function_hash": "67653295329580285895876447877656899322", "length": 1155.0 }, "id": "CVE-2017-13007-4d9ac1c5" }, { "source": "https://github.com/the-tcpdump-group/tcpdump/commit/ca336198e8bebccc18502de27672fdbd6eb34856", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "target": { "file": "print-pktap.c" }, "digest": { "line_hashes": [ "257577306372909740298155662873965204050", "196305984774396237666926551577207399615", "118711629388412737517521012722303671450", "98721970251407412075475594312336518794", "120760437666147748104085914945066727573", "198118114468417954173237688562901816152", "196714695037315048082365427867707563719", "2562496226138503436879578040535834396" ], "threshold": 0.9 }, "id": "CVE-2017-13007-fb111b95" } ] }