The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().
{ "vanir_signatures": [ { "id": "CVE-2017-13049-898e826f", "signature_type": "Line", "target": { "file": "print-rx.c" }, "digest": { "line_hashes": [ "63843967416797515597997360256191610585", "133301679981428652742298382070126201795", "142469259638275130741321571653572169640", "249635146459317272050707311722977492639" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/aa0858100096a3490edf93034a80e66a4d61aad5" }, { "id": "CVE-2017-13049-9a5ffba1", "signature_type": "Function", "target": { "file": "print-rx.c", "function": "ubik_print" }, "digest": { "function_hash": "282429154980108806745126512576029203986", "length": 1964.0 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/aa0858100096a3490edf93034a80e66a4d61aad5" } ] }