CVE-2017-13039
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-13039
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13039.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-13039
- Downstream
- Related
- Published
- 2017-09-14T06:29:02Z
- Modified
- 2025-09-16T06:40:01.575428Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
- References
-
- http://www.debian.org/security/2017/dsa-3971
- http://www.securitytracker.com/id/1039307
- http://www.tcpdump.org/tcpdump-changes.txt
- https://access.redhat.com/errata/RHEA-2018:0705
- https://github.com/the-tcpdump-group/tcpdump/commit/e0a5a02b0fc1900a69d6c37ed0aab36fb8494e6d
- https://security.gentoo.org/glsa/201709-23
- https://support.apple.com/HT208221
Affected packages
Debian:11 / tcpdump
Package
- Name
- tcpdump
- Purl
- pkg:deb/debian/tcpdump?arch=source
Debian:12 / tcpdump
Package
- Name
- tcpdump
- Purl
- pkg:deb/debian/tcpdump?arch=source
Debian:13 / tcpdump
Package
- Name
- tcpdump
- Purl
- pkg:deb/debian/tcpdump?arch=source
Debian:14 / tcpdump
Package
- Name
- tcpdump
- Purl
- pkg:deb/debian/tcpdump?arch=source
Git / github.com/the-tcpdump-group/tcpdump
Affected ranges
- Type
- GIT
- Repo
- https://github.com/the-tcpdump-group/tcpdump
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
tcpdump-3.*
tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp
tcpdump-4.*
tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0-bp
Database specific
{
"vanir_signatures": [
{
"target": {
"function": "ikev1_attr_print",
"file": "print-isakmp.c"
},
"digest": {
"length": 768.0,
"function_hash": "224391851443219811082086096763818272586"
},
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/e0a5a02b0fc1900a69d6c37ed0aab36fb8494e6d",
"id": "CVE-2017-13039-19858b0b",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"function": "ikev1_t_print",
"file": "print-isakmp.c"
},
"digest": {
"length": 1701.0,
"function_hash": "312142484230673655386386597708511438770"
},
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/e0a5a02b0fc1900a69d6c37ed0aab36fb8494e6d",
"id": "CVE-2017-13039-5b934dc8",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"function": "ikev1_attrmap_print",
"file": "print-isakmp.c"
},
"digest": {
"length": 1105.0,
"function_hash": "189758025507700063010500922484976508751"
},
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/e0a5a02b0fc1900a69d6c37ed0aab36fb8494e6d",
"id": "CVE-2017-13039-61881942",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"function": "ikev1_n_print",
"file": "print-isakmp.c"
},
"digest": {
"length": 4308.0,
"function_hash": "241780913660678405657776935643926993404"
},
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/e0a5a02b0fc1900a69d6c37ed0aab36fb8494e6d",
"id": "CVE-2017-13039-66cad6ee",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"function": "ikev2_t_print",
"file": "print-isakmp.c"
},
"digest": {
"length": 1616.0,
"function_hash": "323000904602062630223812049619870840299"
},
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/e0a5a02b0fc1900a69d6c37ed0aab36fb8494e6d",
"id": "CVE-2017-13039-b003ab5f",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "print-isakmp.c"
},
"digest": {
"line_hashes": [
"20626677014629214071495485440344307998",
"331790872994650490802022602907852061488",
"273335324220526955219179324316838991015",
"186151974592412856535851628549426431837",
"273993949045185580901851216415477574203",
"169403004813666168255875512203381233033",
"142370433514095922786659944820755157150",
"232212673173496754987250566255953374699",
"97496797477369510150317378414540491515",
"153772200450374883778390232279909719224",
"297118495564144347197315667786167790502",
"202612294792834499589737171538276812478",
"104168145775123740761061441993715556871",
"104860182811461733580078775777959267082",
"134252326896599868941259995356716388655",
"1853046157595131728417256599709725406",
"254428137138544373423029412520894988289",
"325881904904884363561444164496793083083",
"48733999776900934846994513490980526972",
"174687769863673365972483103485572623281",
"216932017518905914947123378945388170489",
"274617866799908898411282506651426787407",
"136028798170095129594645436338591292762",
"339743098822412697802817732810005835056",
"266269102710318083728317413788722910319",
"321483475798846368478913218505705935868",
"238271384759741211144236999226097279698",
"34482695416575831144265971183672626556",
"231597030222055917447569124552101184244",
"177988419385459663471356759828101835281",
"309067964966666719643233892772424499984",
"324092973781808207087219780625406828032",
"141933749472876824918347076772496047111",
"299687662501686118080916274690709672460",
"25928827822595752737539432040489820396",
"101158528412636453514559638825239783130",
"48769492350218450087682625180659606119",
"97496797477369510150317378414540491515",
"153772200450374883778390232279909719224",
"297118495564144347197315667786167790502",
"202612294792834499589737171538276812478",
"104168145775123740761061441993715556871",
"104860182811461733580078775777959267082",
"134252326896599868941259995356716388655",
"170926362807589682146687742055905703945",
"103512732611198977652092351386416689872",
"87341862661062190259438025176381369072",
"220745158525973940863004379546833396203",
"115258174205574787647929006908182485431",
"9898143534388090706145502044150264222",
"111443593748593373108160937527277006202",
"266269102710318083728317413788722910319",
"321483475798846368478913218505705935868",
"238271384759741211144236999226097279698",
"34482695416575831144265971183672626556",
"231597030222055917447569124552101184244",
"177988419385459663471356759828101835281",
"113274968287191189117278219291443426833",
"103780475132905170770439852154836974419",
"299497188651628565505770463259875624718",
"180573121368563107884781029392162189625",
"61512361771213567889544937665506195940",
"169520048829948692909037180447419225338",
"318938018202471665219730316462539390751",
"265119689157827092082352066002032705404",
"263099850446143421416913158543172427569",
"67869046396819355686182708867591250745",
"165285378143747096266536037316854575856",
"171401995158303400488483894450341317334",
"221849145091686396081279548081063323697",
"126093272220882510834726197112684250521",
"299497188651628565505770463259875624718",
"180573121368563107884781029392162189625",
"61512361771213567889544937665506195940",
"169520048829948692909037180447419225338",
"318938018202471665219730316462539390751",
"265119689157827092082352066002032705404",
"263099850446143421416913158543172427569"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/e0a5a02b0fc1900a69d6c37ed0aab36fb8494e6d",
"id": "CVE-2017-13039-e0f3c586",
"signature_type": "Line",
"deprecated": false
}
]
}