CVE-2017-5484 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print()
High
I
Internet Bug Bounty
Submitted None
Actions:
Reported by
geeknik
Vulnerability Details
Technical details and impact analysis
Reported to the project maintainers in 2016. The function sig_print() did receive a correct caplen parameter value but didn't use it correctly which could result in a read outside of buffer. Fixed by https://github.com/the-tcpdump-group/tcpdump/commit/5d214e36eed3565fbdc0f9b527bbc33a6bb63972.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Memory Corruption - Generic