CVE-2014-8769

CVSS V2 Medium 6.4 CVSS V3 None
Description
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.
Overview
  • CVE ID
  • CVE-2014-8769
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2014-11-20T17:50:06
  • Last Modified Date
  • 2018-10-09T19:54:45
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:redhat:tcpdump:3.8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:3.8.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:3.9.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:3.9.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:3.9.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:3.9.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:3.9.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:3.9.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:3.9.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.6.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:tcpdump:4.6.2:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:N/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.4
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 4.9
References
Reference URL Reference Tags
http://seclists.org/fulldisclosure/2014/Nov/49 Exploit
http://www.securityfocus.com/bid/71153 Exploit
http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html Exploit
http://www.ubuntu.com/usn/USN-2433-1
http://www.debian.org/security/2014/dsa-3086
http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:240
http://advisories.mageia.org/MGASA-2014-0503.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:125
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/98764
http://www.securityfocus.com/archive/1/534009/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2014-8769
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769
History
Created Old Value New Value Data Type Notes
2022-05-10 18:34:38 Added to TrackCVE
2022-12-02 02:23:30 2014-11-20T17:50Z 2014-11-20T17:50:06 CVE Published Date updated
2022-12-02 02:23:30 2018-10-09T19:54:45 CVE Modified Date updated
2022-12-02 02:23:30 Modified Vulnerability Status updated