CVE-2017-5204 — CRITICAL (9.8)

Q: What is CVE-2017-5204?

CVE-2017-5204 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

Q: How severe is CVE-2017-5204?

CVE-2017-5204 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-5204?

Check the references section above for vendor advisories and patch information. Affected products include: Tcpdump Tcpdump, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.

Vulnerability Description

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tcpdump	Tcpdump	< 4.9.0
Debian	Debian Linux	8.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.4
Redhat	Enterprise Linux Server Eus	7.4
Redhat	Enterprise Linux Server Tus	7.6
Redhat	Enterprise Linux Workstation	7.0

Related Weaknesses (CWE)

CWE-119

References

http://www.debian.org/security/2017/dsa-3775Third Party Advisory
http://www.securityfocus.com/bid/95852Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037755Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:1871Third Party Advisory
https://security.gentoo.org/glsa/201702-30Third Party Advisory
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html
http://www.debian.org/security/2017/dsa-3775Third Party Advisory
http://www.securityfocus.com/bid/95852Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037755Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:1871Third Party Advisory
https://security.gentoo.org/glsa/201702-30Third Party Advisory
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html

FAQ

What is CVE-2017-5204?

CVE-2017-5204 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

How severe is CVE-2017-5204?

CVE-2017-5204 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-5204?

Check the references section above for vendor advisories and patch information. Affected products include: Tcpdump Tcpdump, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.