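CVE-2017-13052: The CFM (Connectivity Fault Management) parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). The signature records below all cite upstream commit 5d340a5ca6e420a70297cdbdf777333f18bfdab7 as their source and target print-cfm.c: two function-level signatures (cfm_network_addr_print and cfm_print) and one line-level signature for the file.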
[
{
"digest": {
"function_hash": "232540731291277148770520456182036462916",
"length": 485.0
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/5d340a5ca6e420a70297cdbdf777333f18bfdab7",
"id": "CVE-2017-13052-8a931cb0",
"signature_type": "Function",
"target": {
"function": "cfm_network_addr_print",
"file": "print-cfm.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"80741822462077441123503422963199184776",
"150265555908817854105750076591173984920",
"201090491638076749405111983985118832302",
"15132964559816111241084487024918645654",
"6823738298761561224379280241936812706",
"327056877712625019181926988083714273239",
"238059367858253378455425665825975017676",
"186688970415895555014910777708615584904",
"83822530283452535160876622983499961331",
"143941441490390697267295529609839546801",
"152005731806711978043946382994559237914",
"46029461272162785421752664499464009865",
"291674265046957254903997936971976882156",
"133728706966789918636936938310637617590",
"165194018126357890257804646042374864591",
"153487549578650442071668972683637831840",
"60466690142558060555644709748607674937",
"162207167696064250715763758854224096924",
"159977122852790163271542853092652331099",
"200623859406511419853169001114125208684",
"185277800806865906708584170097942020162",
"228507359396161778641967714137889176977",
"157536928035373841109276507018729370468",
"205316541307473025297198188226625163932",
"323382930511496270419326466496138005160",
"251288258842993913982240343963169696240",
"56961560939322156693871682100314060658",
"117389890032957458971154799636246436735",
"163512650367956459129522207465886539014",
"340060252396749594433589744882227383569",
"243493027649654260348499606766819978390",
"325632913464661676582211132197644031851",
"285626316298976758187202063763394068566",
"104535032867544338110140263579457124772",
"30094850566290566754303488641533825293",
"240745086768054425757097496122829369768",
"9395181234138121465540071625295776081",
"313035326130967938293090546681618081401",
"160411019969075850623252656029467154206",
"58759855390860034822024603927379593231",
"186037650784257969430037123461113528018",
"156947453081944320649927394023279099679",
"187336350945291249891928149201368867277",
"235625617398205255566474064890310401351",
"278096600700421000357220850086419134705",
"116883193010023990608476468737250289876",
"210240921173319399228781462804237859203",
"52621746983056507435217092065663319124",
"68898828070657277399040415191913678539",
"266101808855159814341500180894444449167",
"284305812833742402090124447950746102500",
"261676423988628951342712455069875734952",
"169116614040360555801092475879572934897",
"29322825681409494274159577514512711441",
"329198458815204800680703944162628278773",
"205316541307473025297198188226625163932",
"247838775633360015907780489897699192500",
"156947453081944320649927394023279099679",
"187336350945291249891928149201368867277",
"235625617398205255566474064890310401351",
"278096600700421000357220850086419134705",
"116883193010023990608476468737250289876",
"210240921173319399228781462804237859203",
"52621746983056507435217092065663319124",
"284305812833742402090124447950746102500",
"261676423988628951342712455069875734952",
"84709343714629784651636225228239283628",
"186848264368413900166907238867269186943",
"189586465429336928909384022744067527862",
"324486746029549912334155125643073166615"
]
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/5d340a5ca6e420a70297cdbdf777333f18bfdab7",
"id": "CVE-2017-13052-e4be6252",
"signature_type": "Line",
"target": {
"file": "print-cfm.c"
}
},
{
"digest": {
"function_hash": "94995995543402001394332382772502495613",
"length": 8767.0
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/the-tcpdump-group/tcpdump/commit/5d340a5ca6e420a70297cdbdf777333f18bfdab7",
"id": "CVE-2017-13052-e54351e2",
"signature_type": "Function",
"target": {
"function": "cfm_print",
"file": "print-cfm.c"
}
}
]