The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvpobjprint().
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "296541756731426330069776477499530896397", "191628104443741256995002649103983878868", "16173778435283798840157826153922127197", "113095479060347566279293252340966438468", "182702277319804693019024252064670869473", "146743650692857934807007590163225524180", "121251895334959889347458961308661872550", "257473992594533652955602233490357527660" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2017-13051-7c7edbd7", "signature_version": "v1", "target": { "file": "print-rsvp.c" }, "source": "https://github.com/the-tcpdump-group/tcpdump/commit/289c672020280529fd382f3502efab7100d638ec", "deprecated": false }, { "digest": { "length": 24635.0, "function_hash": "143209197654901375272833686283479372671" }, "signature_type": "Function", "id": "CVE-2017-13051-9ae95d1b", "signature_version": "v1", "target": { "function": "rsvp_obj_print", "file": "print-rsvp.c" }, "source": "https://github.com/the-tcpdump-group/tcpdump/commit/289c672020280529fd382f3502efab7100d638ec", "deprecated": false } ] }