{"id":"CVE-2017-13014","details":"The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions.","modified":"2026-04-16T06:21:36.360591652Z","published":"2017-09-14T06:29:01.763Z","related":["SUSE-SU-2017:2854-1","SUSE-SU-2019:14191-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"WEB","url":"http://www.securitytracker.com/id/1039307"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/cc356512f512e7fa423b3674db4bb31dbe40ffec"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"last_affected":"993a67c8e648bc8b19881e29a60f41273cfbee7b"},{"fixed":"cc356512f512e7fa423b3674db4bb31dbe40ffec"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.9.1"}]}}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp","tcpdump-4.9.0","tcpdump-4.9.0-bp","tcpdump-4.9.1"],"database_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"print-wb.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["276337602690071896609555286324364718827","226572991891521849980971031546064733302","336761474834965028230787266333285479828","225577740228954514818292208281998403072","42505521644767857232073659038518541627","57373436976773499285317916540944664739","226155337014445166667090551963155559314","154361614757521998548399802140530719303","158738510163989376885664822406782560996","264573823247103681797092194980624991279","91864616225705454137709521027704096805","227679894611230323866263168353386291876","211545523382340196144278207008230437680","180347327517623101047085680868211160835","289197272383008689154544597333472796900","181115018078130147551627451747478169060","228678164211435370908874921441211651522","57660437597298818669820375495962238033","291708956101516448158128167267552206168","88622092842120759758263895567531753546","150533562139686148247389996932905905619","259912689651853976387189171381387735787","33019145991433444151456177167717198886","18419795739287254285203324195139891885","246374271857335952992194426434001253189","198962841591476216142237503167954152234","290968035968015098415803667277496933755","245633406554312037794079671076306514428","64016200827172555863700533518217108687","305437376013097479081966717620578830641"]},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/cc356512f512e7fa423b3674db4bb31dbe40ffec","id":"CVE-2017-13014-0ac5eeae","signature_type":"Line"},{"deprecated":false,"target":{"file":"print-wb.c","function":"wb_print"},"signature_version":"v1","digest":{"length":1124,"function_hash":"23792306599577651779348943841154399764"},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/cc356512f512e7fa423b3674db4bb31dbe40ffec","id":"CVE-2017-13014-41303391","signature_type":"Function"},{"deprecated":false,"target":{"file":"print-wb.c","function":"wb_prep"},"signature_version":"v1","digest":{"length":916,"function_hash":"71486976525042352309094668516719599899"},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/cc356512f512e7fa423b3674db4bb31dbe40ffec","id":"CVE-2017-13014-a4796376","signature_type":"Function"}],"vanir_signatures_modified":"2026-04-11T03:56:57Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13014.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}