CVE-2017-13008

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-13008
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13008.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-13008
Downstream
Related
Published
2017-09-14T06:29:01Z
Modified
2025-10-13T06:57:00.922687Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-80211.c:parseelements().

References

Affected packages

Git / github.com/the-tcpdump-group/tcpdump

Affected ranges

Type
GIT
Repo
https://github.com/the-tcpdump-group/tcpdump
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5edf405d7ed9fc92f4f43e8a3d44baa4c6387562

Affected versions

tcpdump-3.*

tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp

tcpdump-4.*

tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0-bp

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://github.com/the-tcpdump-group/tcpdump/commit/5edf405d7ed9fc92f4f43e8a3d44baa4c6387562",
            "deprecated": false,
            "id": "CVE-2017-13008-7c70fc92",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "114890783988401520916887142771826743799",
                    "33700102445721614682793134944677885319",
                    "122087639788367034544124741603362620738",
                    "21976165256715018485154224407193017555",
                    "1034093094379226089193018119292227342",
                    "145210653924690128965576068777361130938",
                    "249125821593539137599189937594613609651",
                    "216053429238208885688305303682957014290",
                    "214174725572188487758532365295282885160",
                    "28785682590993992097307505480221195036",
                    "332759731552220418969740106707492659700",
                    "209786404104347266567667456753176208888",
                    "85521901545499649847092385675765187195",
                    "281331439510372984366868629732844593464",
                    "158441154047303333911038000805020320145",
                    "230141886154766383805561379022090151570",
                    "102550283832403885841531053606531829034",
                    "172531035314911984995602608488670639949",
                    "335817628532143868526671290540852434433",
                    "151971600051034553652642409545108183147",
                    "310921510900628244847277647892567730893",
                    "160988821208055740882515664223838144606",
                    "138667129425405178768550701972266299813",
                    "132303205500251645302658848881515004199",
                    "130942307816734793472293577113779735834"
                ]
            },
            "target": {
                "file": "print-802_11.c"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://github.com/the-tcpdump-group/tcpdump/commit/5edf405d7ed9fc92f4f43e8a3d44baa4c6387562",
            "deprecated": false,
            "id": "CVE-2017-13008-fee004ee",
            "signature_type": "Function",
            "digest": {
                "length": 3454.0,
                "function_hash": "76277976981673223160164028935950658569"
            },
            "target": {
                "file": "print-802_11.c",
                "function": "parse_elements"
            }
        }
    ]
}