CVE-2017-13008

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-13008
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13008.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-13008
Downstream
Related
Published
2017-09-14T06:29:01Z
Modified
2025-10-15T08:46:49.965978Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-80211.c:parseelements().

References

Affected packages

Git / github.com/the-tcpdump-group/tcpdump

Affected ranges

Type
GIT
Repo
https://github.com/the-tcpdump-group/tcpdump
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5edf405d7ed9fc92f4f43e8a3d44baa4c6387562

Affected versions

tcpdump-3.*

tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp

tcpdump-4.*

tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0-bp

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "print-802_11.c"
        },
        "signature_type": "Line",
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/5edf405d7ed9fc92f4f43e8a3d44baa4c6387562",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "114890783988401520916887142771826743799",
                "33700102445721614682793134944677885319",
                "122087639788367034544124741603362620738",
                "21976165256715018485154224407193017555",
                "1034093094379226089193018119292227342",
                "145210653924690128965576068777361130938",
                "249125821593539137599189937594613609651",
                "216053429238208885688305303682957014290",
                "214174725572188487758532365295282885160",
                "28785682590993992097307505480221195036",
                "332759731552220418969740106707492659700",
                "209786404104347266567667456753176208888",
                "85521901545499649847092385675765187195",
                "281331439510372984366868629732844593464",
                "158441154047303333911038000805020320145",
                "230141886154766383805561379022090151570",
                "102550283832403885841531053606531829034",
                "172531035314911984995602608488670639949",
                "335817628532143868526671290540852434433",
                "151971600051034553652642409545108183147",
                "310921510900628244847277647892567730893",
                "160988821208055740882515664223838144606",
                "138667129425405178768550701972266299813",
                "132303205500251645302658848881515004199",
                "130942307816734793472293577113779735834"
            ]
        },
        "id": "CVE-2017-13008-7c70fc92",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "function": "parse_elements",
            "file": "print-802_11.c"
        },
        "signature_type": "Function",
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/5edf405d7ed9fc92f4f43e8a3d44baa4c6387562",
        "digest": {
            "function_hash": "76277976981673223160164028935950658569",
            "length": 3454.0
        },
        "id": "CVE-2017-13008-fee004ee",
        "signature_version": "v1"
    }
]