Out-of-bounds read in tcpdump (Alpine package)

1) Out-of-bounds read

EUVDB-ID: #VU7591

Risk: Low

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-11108

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists to a boundary error in the EXTRACT_16BITS() function, called from the stp_print function for the Spanning Tree Protocol in tcpdump 4.9.0. A remote attacker can send a specially crafted network packet, trigger heap-based buffer over-read and crash the affected application.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tcpdump (Alpine package): 4.9.0-r0 - 4.9.0-r1

CPE2.3

• cpe:2.3:o:alpine:tcpdump_alpine_package:4.9.0-r0:*:*:*:*:alpine_linux:*:3.2
• cpe:2.3:o:alpine:tcpdump_alpine_package:4.9.0-r1:*:*:*:*:alpine_linux:*:3.5

External links

https://git.alpinelinux.org/aports/commit/?id=ed2696f6dd2ad0000032a67399ae473c9563f6ce
https://git.alpinelinux.org/aports/commit/?id=463c720cae55a3f0c45d5b52bc6da81e2fbe307e
https://git.alpinelinux.org/aports/commit/?id=6a4921f8846fe08c0b44f7e73e948be040db17c1
https://git.alpinelinux.org/aports/commit/?id=a9f20ceec7434edc3b6efaaf3d9117504437d0d0
https://git.alpinelinux.org/aports/commit/?id=d663ed834ba5f4b06ea39a034880ace2ccd4a237
https://git.alpinelinux.org/aports/commit/?id=e4c016a17c2cc2731a4800dc0a4a68d83770a68e

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.