The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgpattrprint() (MPREACHNLRI).
{ "vanir_signatures": [ { "signature_type": "Line", "target": { "file": "print-bgp.c" }, "id": "CVE-2018-16230-9a647579", "digest": { "threshold": 0.9, "line_hashes": [ "43610044976955709605467277929666692207", "4231043045390326172261552862723390302", "178699250311010462728271707104938073149", "68137003183946825795492788143261705615", "58680085693386469582686586650184230683", "223256828386320241404011162594707821961" ] }, "source": "https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "print-bgp.c", "function": "bgp_attr_print" }, "id": "CVE-2018-16230-b1fb06eb", "digest": { "length": 25664.0, "function_hash": "23036371250531912478826578935667230610" }, "source": "https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f", "deprecated": false, "signature_version": "v1" } ] }