The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
{ "vanir_signatures": [ { "id": "CVE-2018-16228-b4fb5fe4", "digest": { "line_hashes": [ "82653047130844687532075593832190286391", "39272921111180887065632568385857968378", "338787201149716761291721418575523493611", "310234425767405402204612877103249221795" ], "threshold": 0.9 }, "signature_version": "v1", "target": { "file": "print-hncp.c" }, "deprecated": false, "signature_type": "Line", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d" }, { "id": "CVE-2018-16228-eb9858a7", "digest": { "length": 898.0, "function_hash": "35104176221753219027347632708859884390" }, "signature_version": "v1", "target": { "file": "print-hncp.c", "function": "print_prefix" }, "deprecated": false, "signature_type": "Function", "source": "https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d" } ] }