CVE-2017-13045

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-13045
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13045.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-13045
Downstream
Related
Published
2017-09-14T06:29:02Z
Modified
2025-10-15T08:45:32.234884Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().

References

Affected packages

Git / github.com/the-tcpdump-group/tcpdump

Affected ranges

Type
GIT
Repo
https://github.com/the-tcpdump-group/tcpdump
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3b36ec4e713dea9266db11975066c425aa669b6c

Affected versions

tcpdump-3.*

tcpdump-3.5.1
tcpdump-3.6.1
tcpdump-3.7.1
tcpdump-3.8-bp

tcpdump-4.*

tcpdump-4.5.0
tcpdump-4.6.0
tcpdump-4.6.0-bp
tcpdump-4.7.0-bp
tcpdump-4.9.0-bp

Database specific

vanir_signatures

[
    {
        "id": "CVE-2017-13045-3c4368fb",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "print-vqp.c"
        },
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/3b36ec4e713dea9266db11975066c425aa669b6c",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "272522003813118362677178464342078058387",
                "316139435299036424401015628519712969473",
                "131142329228664469249920639485436032410",
                "218478738086230639160194642111676993476",
                "252421222069950615644267872630908777078",
                "118688369811563191406487949962803266039",
                "162369114559813982855640635212188300246",
                "302981485012014710492419985438753117433",
                "322242065680633757249828484611848075936",
                "236922600281484687611185782890763934993",
                "271321227562903627403077987613882676090",
                "249560595724104091415542201273501128372",
                "100875815784053819047714720123785366076",
                "224835907293489308144435579210463276349",
                "324321968080582978474811802669939359036",
                "125511044905419819201276440238369183958",
                "64109314738826645677579017398217347607",
                "98089374504474000101270893773187130024",
                "75277682345216293558023747865287022484",
                "35821647221402893392159091949305455471",
                "202314777743516317117442081931460994407",
                "166091574124418988266235842988383183999",
                "267429705986391991734287465959976635851",
                "43376982255703048075731002739204747405",
                "322610880899306975157266554535324078601",
                "67704153429287100302371561066034310351",
                "6171357408235793077446361733664327409"
            ],
            "threshold": 0.9
        }
    },
    {
        "id": "CVE-2017-13045-f35d81fb",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "print-vqp.c",
            "function": "vqp_print"
        },
        "source": "https://github.com/the-tcpdump-group/tcpdump/commit/3b36ec4e713dea9266db11975066c425aa669b6c",
        "signature_type": "Function",
        "digest": {
            "length": 2172.0,
            "function_hash": "13069874553304098996255756924300644675"
        }
    }
]