CVE-2018-16301 - OpenCVE

The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tcpdump	Tcpdump

Configuration 1 [-]

cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Tcpdump

Published: 2019-10-03T15:55:20

Updated: 2022-02-09T17:11:35

Reserved: 2018-08-31T00:00:00

Link: CVE-2018-16301

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-03T16:15:12.693

Modified: 2023-11-07T02:53:44.510

Link: CVE-2018-16301

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "tcpdump", "vendor": "The Tcpdump Group", "versions": [{"lessThan": "4.99.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Include Security and Mozilla Secure Open Source program"}], "descriptions": [{"lang": "en", "value": "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 integer overflow or wraparound", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 out-of-bounds write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-09T17:11:35", "orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "shortName": "Tcpdump"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tcpdump.org", "ID": "CVE-2018-16301", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tcpdump", "version": {"version_data": [{"version_affected": "<", "version_value": "4.99.0"}]}}]}, "vendor_name": "The Tcpdump Group"}]}}, "credit": [{"lang": "eng", "value": "Include Security and Mozilla Secure Open Source program"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-190 integer overflow or wraparound"}]}, {"description": [{"lang": "eng", "value": "CWE-787 out-of-bounds write"}]}]}, "references": {"reference_data": [{"name": "https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd", "refsource": "CONFIRM", "url": "https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd"}]}}}}, "cveMetadata": {"assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "assignerShortName": "Tcpdump", "cveId": "CVE-2018-16301", "datePublished": "2019-10-03T15:55:20", "dateReserved": "2018-08-31T00:00:00", "dateUpdated": "2022-02-09T17:11:35", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D6D00F8-B312-4B6B-A216-186D4FFB73CA", "versionEndExcluding": "4.99.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump."}, {"lang": "es", "value": "El analizador de argumentos de la l\u00ednea de comandos en tcpdump antes de la versi\u00f3n 4.99.0 tiene un desbordamiento de b\u00fafer en tcpdump.c:read_infile(). Para desencadenar esta vulnerabilidad, el atacante necesita crear un archivo de 4GB en el sistema de archivos local y especificar el nombre del archivo como valor del argumento de l\u00ednea de comandos -F de tcpdump"}], "id": "CVE-2018-16301", "lastModified": "2023-11-07T02:53:44.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-03T16:15:12.693", "references": [{"source": "security@tcpdump.org", "url": "https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd"}], "sourceIdentifier": "security@tcpdump.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}], "source": "security@tcpdump.org", "type": "Secondary"}]}