{"id":"CVE-2017-12902","details":"The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.","modified":"2026-04-16T06:16:51.878080106Z","published":"2017-09-14T06:29:00.560Z","related":["SUSE-SU-2017:2854-1","SUSE-SU-2019:14191-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"ADVISORY","url":"https://support.apple.com/HT208221"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039307"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"REPORT","url":"https://github.com/the-tcpdump-group/tcpdump/commit/6ec0c6fa63412c7a07a5bcb790a529c3563b4173"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/d17507ffa3e9742199b02a66aa940e79ababfa30"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"last_affected":"993a67c8e648bc8b19881e29a60f41273cfbee7b"},{"fixed":"6ec0c6fa63412c7a07a5bcb790a529c3563b4173"},{"fixed":"d17507ffa3e9742199b02a66aa940e79ababfa30"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.9.1"}]}}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp","tcpdump-4.9.0","tcpdump-4.9.0-bp","tcpdump-4.9.1"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Function","digest":{"length":4916,"function_hash":"277319140751261064872745785620545304858"},"id":"CVE-2017-12902-79f0ca8b","signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/d17507ffa3e9742199b02a66aa940e79ababfa30","target":{"function":"zephyr_print","file":"print-zephyr.c"}},{"deprecated":false,"signature_type":"Function","digest":{"length":514,"function_hash":"76092391289975248911401681465474490029"},"id":"CVE-2017-12902-7b37b063","signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/d17507ffa3e9742199b02a66aa940e79ababfa30","target":{"function":"parse_field","file":"print-zephyr.c"}},{"deprecated":false,"id":"CVE-2017-12902-ce2c8d89","digest":{"line_hashes":["119673634723875607127946671029830858103","102532113659688280960925367926929189920","27644113763819955476552195879163200148","328951246191774199908042029519846501297","191717461914300808596984512909934224332","219758463986484438219949748070648127498","90575409324424064953576619477265851665","28457576506549413542812940025273842344","272376472471453025432131712840062229759","314275338305503805601143229201171236110","160166208775205353590375125268535443445","250742848046822907045663439047166636870","302134235544915112218012580759837519877","261982988453301935160528459486668197172","191499083261619246780535378972759223224","130160977300423462932154306892241370243","240698639552480860476860290234316581806","6341285066203475181865479262216201896","266602063199399257029294206198983929236","281433363264116806789054671320315774102","43193261484849057872092071513678245095","128710345719904509691580976071494713824","304129356666852536868199476512802038509","134023906721578355051897526458335828384","332931474105308933758621876816714155675","193970055922552443355437282242291013625","268228768171195390301522696957941358558","220004174079435664944134262784106867003","39144843577721864330020426908728086035","8391945278160468812794576691088498064","301010308097885572660479480568061049313","333896100276427315341398967970358025759","20844121377402749616491411833716430766","198939695493970290794761530737694525457","94094213098658863335752632490145583791","87082262342162705146086775611190451251"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/d17507ffa3e9742199b02a66aa940e79ababfa30","target":{"file":"print-zephyr.c"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]}],"vanir_signatures_modified":"2026-04-11T04:47:27Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12902.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}