CVE-2017-13040
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-13040
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13040.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-13040
- Downstream
- Related
- Published
- 2017-09-14T06:29:02Z
- Modified
- 2025-10-13T06:58:07.992783Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
- References
-
- http://www.debian.org/security/2017/dsa-3971
- http://www.securitytracker.com/id/1039307
- http://www.tcpdump.org/tcpdump-changes.txt
- https://access.redhat.com/errata/RHEA-2018:0705
- https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c
- https://security.gentoo.org/glsa/201709-23
- https://support.apple.com/HT208221
Affected packages
Git / github.com/the-tcpdump-group/tcpdump
Affected ranges
- Type
- GIT
- Repo
- https://github.com/the-tcpdump-group/tcpdump
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
tcpdump-3.*
tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp
tcpdump-4.*
tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0-bp
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c",
"deprecated": false,
"id": "CVE-2017-13040-1a32e23d",
"signature_type": "Function",
"digest": {
"length": 292.0,
"function_hash": "149289269210300368877948464289125886636"
},
"target": {
"file": "print-mptcp.c",
"function": "mp_dss_len"
}
},
{
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c",
"deprecated": false,
"id": "CVE-2017-13040-4a44f036",
"signature_type": "Function",
"digest": {
"length": 1090.0,
"function_hash": "115113868048833612989905763553185272988"
},
"target": {
"file": "print-mptcp.c",
"function": "mp_dss_print"
}
},
{
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c",
"deprecated": false,
"id": "CVE-2017-13040-94e7a223",
"signature_type": "Function",
"digest": {
"length": 1007.0,
"function_hash": "123477414917799137847310290251493575392"
},
"target": {
"file": "print-mptcp.c",
"function": "mp_join_print"
}
},
{
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c",
"deprecated": false,
"id": "CVE-2017-13040-a8ed9d24",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"93190240881347835246722243666573112304",
"70855635515785349428299759792128239660",
"297396432376449089260317951347313562102",
"98062044302491389874269132693371196909",
"146305333581506304626434501942631997983",
"220638378375047387680969444463147456697",
"6620550358785242452871912769719821758",
"51135041605402199213325120337947596605",
"262399405073449951259031745480976549412",
"69004193498316301403076514562110382015",
"292859506668500452070250549688671583252",
"336943224953604874465187610808892021930",
"266557296601182865387023966106372834294",
"53609704366388345375283992956665965156",
"196026732900564525607327221862010116533",
"157078669116610267863036532637938509152",
"183006953262866046420297432653570335794",
"86676533478606018733245712071641001157",
"75084676669396332994766629949165765485",
"115356938794095728760515212099211369879",
"245376015005167909853470701820838986899",
"196809175774273555273320443807871934255",
"84491524050525597658692491766966367407",
"113897487970483868525364177800484968740",
"114708907366650472062612940818719854456",
"269391363235166521812671835658856644624",
"137173400538161393720190376048044140058",
"272592100600461021256605895391267314766",
"263919560382377776482573540234308164396",
"92656689899839399687732823894761493205",
"161218752549466797674287689263476330488",
"295542887781937266877669166905763604679",
"43928838613572668962539194403869635016",
"141146078800833594475831811101348007524",
"256214417694125540534598486624143339846",
"4970104687644394391617437175977807158",
"8378448981372542342253874066935028880",
"17737485250048290027917621473976221962",
"104906119851784625272243359684805082762",
"238051892413470962213959967851503259859",
"220166466867270786265343987424888588459",
"15175401365066520578241270054121567600",
"198008891560917412614326597175466411188",
"101927418865186341471191330143027226039",
"53815777605899695153245430599131040150",
"9885257140092283003312137367866416959",
"337884753507624122991439824994835914499",
"143059308130579002234986246806944255312",
"246516021993760246507984005592064912672",
"50028500996018536088379985819629745375",
"81861833528980780543201233323008529412",
"15175401365066520578241270054121567600",
"198008891560917412614326597175466411188",
"101927418865186341471191330143027226039",
"2032651688856025482453806503897778726",
"61033630690440186826642354108588359847",
"311764571616330757034112354091222593939",
"332452341679817671547387899717209356949",
"299752817102494396569493633994368646538",
"197978489739725840457214495348425412768",
"255132433542244586756073099954922686795",
"26933712174257974969883149343363520814",
"330721030244498386900150197378158951467",
"189825879627495670782481280907387652693"
]
},
"target": {
"file": "print-mptcp.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c",
"deprecated": false,
"id": "CVE-2017-13040-deeb94ff",
"signature_type": "Function",
"digest": {
"length": 689.0,
"function_hash": "172192805218409241890078308098541939597"
},
"target": {
"file": "print-mptcp.c",
"function": "mp_capable_print"
}
}
]
}