Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2018-14880

Disclosure Date: October 03, 2019
CVE-2018-14880 CVSS v3 Base Score: 7.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2018-14880 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880)
Advisory
https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6
[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update (https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
20191021 [SECURITY] [DSA 4547-1] tcpdump security update (https://seclists.org/bugtraq/2019/Oct/28)
DSA-4547 (https://www.debian.org/security/2019/dsa-4547)
FEDORA-2019-85d92df70f (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU)
FEDORA-2019-d06bc63433 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN)
https://support.f5.com/csp/article/K56551263?utm_source=f5support&utm_medium=RSS
FEDORA-2019-6db0d5b9d9 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN)
https://support.apple.com/kb/HT210788
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (https://seclists.org/bugtraq/2019/Dec/23)
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (http://seclists.org/fulldisclosure/2019/Dec/26)
https://security.netapp.com/advisory/ntap-20200120-0001
USN-4252-2 (https://usn.ubuntu.com/4252-2)
USN-4252-1 (https://usn.ubuntu.com/4252-1)
Miscellaneous
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis