CVE-2017-13022
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-13022
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13022.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-13022
- Downstream
- Related
- Published
- 2017-09-14T06:29:02Z
- Modified
- 2025-10-13T06:57:56.955450Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
- References
-
- http://www.debian.org/security/2017/dsa-3971
- http://www.securitytracker.com/id/1039307
- http://www.tcpdump.org/tcpdump-changes.txt
- https://access.redhat.com/errata/RHEA-2018:0705
- https://github.com/the-tcpdump-group/tcpdump/commit/eee0b04bcfdae319c242b0b8fc3d07029ee65b8c
- https://security.gentoo.org/glsa/201709-23
- https://support.apple.com/HT208221
Affected packages
Git / github.com/the-tcpdump-group/tcpdump
Affected ranges
- Type
- GIT
- Repo
- https://github.com/the-tcpdump-group/tcpdump
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
tcpdump-3.*
tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp
tcpdump-4.*
tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0-bp
Database specific
{
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 596.0,
"function_hash": "123165594716226374072612119953052349352"
},
"deprecated": false,
"id": "CVE-2017-13022-0362e827",
"target": {
"function": "ip_printroute",
"file": "print-ip.c"
},
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/eee0b04bcfdae319c242b0b8fc3d07029ee65b8c"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"1703503926721153439612063356669374998",
"55971060995458297747371627312930637408",
"191965866893899249307730362287328951213",
"335563951198771229787074253736712471194",
"146824962707302787888754114797462037914",
"293222358303371640007516707668731196863",
"168372040183320671483207524346582011066",
"91634231847505838765402727594796801311",
"198200953870990064268698389836458319698",
"16125893791757920208416590438974946885",
"87759674695105364466609514446082999806",
"86800151968258324071778690655352783368",
"40618759338100395877255223291350189937",
"138679264629610268822577515270853755742",
"317289161516197162683451545575295577304",
"222366130037876000739021390466277659386",
"274544525196487618876390350380502766706",
"37734716822424090496436291616264790154",
"44477331842281623064229501389099786701",
"286784534051773562457314809747096614509",
"44809046069123694497958311740991151102",
"198311724748209008650073301339093956168",
"99730768856670468546215193624344741958"
]
},
"deprecated": false,
"id": "CVE-2017-13022-be0f012a",
"target": {
"file": "print-ip.c"
},
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/eee0b04bcfdae319c242b0b8fc3d07029ee65b8c"
},
{
"signature_type": "Function",
"digest": {
"length": 1226.0,
"function_hash": "165226726622269549230475447364557567453"
},
"deprecated": false,
"id": "CVE-2017-13022-bf791caf",
"target": {
"function": "ip_optprint",
"file": "print-ip.c"
},
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/eee0b04bcfdae319c242b0b8fc3d07029ee65b8c"
}
]
}