7.8
HIGH
CVE-2018-16301
Tcpdump Command-Line Argument Parser Buffer Overflow
Description

The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.

INFO

Published Date: Oct. 3, 2019, 4:15 p.m.

Last Modified: Nov. 7, 2023, 2:53 a.m.

Remotely Exploitable: No

Impact Score: 5.9

Exploitability Score: 1.8
Public PoC/Exploit Available at Github

CVE-2018-16301 has 1 public PoC/exploit available on GitHub.

Affected Products

The following products are affected by the CVE-2018-16301 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID Vendor Product Action
1 Tcpdump tcpdump
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2018-16301.

URL Resource
https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

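BoltWrt is an embedded router system. Built on OpenWrt, it adds many advanced functions and features tailored to the needs and network environment of users in China. Its goal is to build an efficient, stable, secure and easy-to-use router system.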

openwrt

Makefile Awk Shell C Assembly C++ M4 CMake Perl Lex

Updated: 3 months, 3 weeks ago
41 stars, 9 forks, 9 watchers
Created: Jan. 22, 2021, 4:43 a.m. This repo has also been linked to 5 different CVEs.

Results are limited to the first 15 repositories due to potential performance issues.

The following table lists the changes that have been made to the CVE-2018-16301 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Added Reference Tcpdump Group https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd [No types assigned]
    Removed Reference MITRE https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd
    Added CWE Tcpdump Group CWE-190
    Added CWE Tcpdump Group CWE-787
    Removed CWE MITRE CWE-787
    Removed CWE MITRE CWE-190
  • CVE Source Update by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Changed Source MITRE Tcpdump Group
  • Modified Analysis by [email protected]

    Feb. 14, 2022

    Action Type Old Value New Value
    Added CVSS V2 Metadata Victim must voluntarily interact with attack mechanism
    Added CVSS V2 NIST (AV:L/AC:M/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Changed Reference Type https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd No Types Assigned https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd Patch, Third Party Advisory
    Added CWE NIST CWE-120
    Added CPE Configuration OR *cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:* versions up to (excluding) 4.99.0
  • CVE Modified by [email protected]

    Feb. 09, 2022

    Action Type Old Value New Value
    Changed Description
      Old Value: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
      New Value: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.
    Added Reference https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd [No Types Assigned]
    Added CWE MITRE CWE-190
    Added CWE MITRE CWE-787
  • CVE Unrejected by [email protected]

    Feb. 09, 2022

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Mar. 05, 2020

    Action Type Old Value New Value
    Changed Description
      Old Value: libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.
      New Value: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Removed Reference http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html [Mailing List, Third Party Advisory]
    Removed Reference http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html [Mailing List, Third Party Advisory]
    Removed Reference http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html [Mailing List, Third Party Advisory]
    Removed Reference http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html [Mailing List, Third Party Advisory]
    Removed Reference http://seclists.org/fulldisclosure/2019/Dec/26 [No Types Assigned]
    Removed Reference https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES [Release Notes, Third Party Advisory]
    Removed Reference https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES [Release Notes, Third Party Advisory]
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/ [No Types Assigned]
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ [No Types Assigned]
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ [No Types Assigned]
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/ [No Types Assigned]
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ [No Types Assigned]
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/ [No Types Assigned]
    Removed Reference https://seclists.org/bugtraq/2019/Dec/23 [No Types Assigned]
    Removed Reference https://support.apple.com/kb/HT210788 [No Types Assigned]
    Removed Reference https://support.f5.com/csp/article/K86252029?utm_source=f5support&utm_medium=RSS [No Types Assigned]
  • CVE Rejected by [email protected]

    Mar. 05, 2020

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Dec. 13, 2019

    Action Type Old Value New Value
    Added Reference http://seclists.org/fulldisclosure/2019/Dec/26 [No Types Assigned]
  • CVE Modified by [email protected]

    Dec. 11, 2019

    Action Type Old Value New Value
    Added Reference https://seclists.org/bugtraq/2019/Dec/23 [No Types Assigned]
  • CVE Modified by [email protected]

    Dec. 10, 2019

    Action Type Old Value New Value
    Added Reference https://support.apple.com/kb/HT210788 [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 06, 2019

    Action Type Old Value New Value
    Added Reference https://support.f5.com/csp/article/K86252029?utm_source=f5support&utm_medium=RSS [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 30, 2019

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 28, 2019

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 27, 2019

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 27, 2019

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 25, 2019

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ [No Types Assigned]
  • Modified Analysis by [email protected]

    Oct. 22, 2019

    Action Type Old Value New Value
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html Mailing List, Third Party Advisory
    Changed Reference Type https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES Release Notes, Vendor Advisory https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES Release Notes, Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.1
  • CVE Modified by [email protected]

    Oct. 21, 2019

    Action Type Old Value New Value
    Added Reference http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html [No Types Assigned]
    Added Reference http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html [No Types Assigned]
    Added Reference http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html [No Types Assigned]
    Added Reference http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html [No Types Assigned]
  • Initial Analysis by [email protected]

    Oct. 07, 2019

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES No Types Assigned https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES Release Notes, Vendor Advisory
    Changed Reference Type https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES No Types Assigned https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES Release Notes, Third Party Advisory
    Added CWE CWE-120
    Added CPE Configuration OR *cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:* versions up to (excluding) 4.9.3
  • CVE Modified by [email protected]

    Oct. 03, 2019

    Action Type Old Value New Value
    Changed Description
      Old Value: libpcap, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read.
      New Value: libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.
    Added Reference https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES [No Types Assigned]
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2018-16301 is associated with the following CWEs:

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.10 }} 0.00%

score

0.39380

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability