{"id":"CVE-2017-13029","details":"The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().","modified":"2026-04-02T00:02:52.634056Z","published":"2017-09-14T06:29:02.327Z","related":["MGASA-2017-0335","SUSE-SU-2017:2854-1","SUSE-SU-2019:14191-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039307"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"last_affected":"993a67c8e648bc8b19881e29a60f41273cfbee7b"},{"fixed":"7029d15f148ef24bb7c6668bc640f5470d085e5a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.9.1"}]}}],"versions":["tcpdump-3.5.1","tcpdump-3.5.2","tcpdump-3.6.1","tcpdump-3.6.2","tcpdump-3.6.3","tcpdump-3.7.1","tcpdump-3.7.2","tcpdump-3.8-bp","tcpdump-3.8.1","tcpdump-3.8.2","tcpdump-3.8.3","tcpdump-3.9.1","tcpdump-3.9.2","tcpdump-3.9.3","tcpdump-3.9.5","tcpdump-3.9.6","tcpdump-3.9.7","tcpdump-3.9.8","tcpdump-4.0.0","tcpdump-4.1.0","tcpdump-4.1.1","tcpdump-4.2.1","tcpdump-4.3.0","tcpdump-4.4.0","tcpdump-4.5.0","tcpdump-4.5.1","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.6.1","tcpdump-4.7.0-bp","tcpdump-4.7.2","tcpdump-4.7.3","tcpdump-4.7.4","tcpdump-4.8.0","tcpdump-4.8.0-bp","tcpdump-4.8.1","tcpdump-4.9.0","tcpdump-4.9.0-bp","tcpdump-4.9.1"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","id":"CVE-2017-13029-21854a0f","signature_version":"v1","deprecated":false,"digest":{"length":1057,"function_hash":"245744078322262594835914705229953483767"},"target":{"file":"print-ppp.c","function":"print_bacp_config_options"},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a"},{"signature_type":"Function","id":"CVE-2017-13029-23fd24ea","signature_version":"v1","deprecated":false,"digest":{"length":2093,"function_hash":"146282207689112759739470610230975685680"},"target":{"file":"print-ppp.c","function":"print_ccp_config_options"},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a"},{"signature_type":"Line","id":"CVE-2017-13029-30e1351f","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["70367357606021279317669969812466942119","191173592660328653816113736546130357464","329866653308750598437651304068307417193","197758990803960536514411176723962253780","44910569013634196726728136903395670233","15889332058126615762851613018215022549","93619196673116691137653064853633910105","327810609591263424617229152481497505703","179894599585755610117764268843052812370","43240027996855975298222249595658577577","211974754333762831143020356953778226331","77127712409588425522702499556830919095","339828317384696112101174200307070960536","281114827767978226538236662381675688386","24086487498821263942467273809492643003","19400792127836125101386874814712971983","263660732183012629647056907878414744621","12797384730588297119815733103346640150","49048907870727599656292845282921304796","149203156964583059437957835147343055680","189266271324232903825713916497041019351","179593528343253235752528541080265172808","211974754333762831143020356953778226331","114285739849297130518361525746480277725","138393015028123743905730789927272703778","69838006890516451866728317779588775629","37449434976653051242575389628774523645","185767489289945050943710765054810000395","138393015028123743905730789927272703778","29555577630650314251612140238387767490","93619196673116691137653064853633910105","111777654954571743287192869500202002157","263660732183012629647056907878414744621","66018071675964062153022334328680864186","297132653585994770196926240221344107034","179549764329939049742455797110639432544","178149563465948707296348169918478678288","307933310756150861857774020678537424491","247240817552015661396256057121130949231","37704175051320874692915419501864818431","26216882396213305216377404884625478384","1479275613326173402330268620034784722","222674041308933714560812669595205222893","108095810920716570892112711270336953227","26216882396213305216377404884625478384","252212323614026542532545085769250140413","210813698554188179060722822963233738199","75220450228624073644579414898954090579","179894599585755610117764268843052812370","243807421321944350406547413331459023858","237083131549658857135809433830117212513","253568413315722654294522940179243617439"],"threshold":0.9},"target":{"file":"print-ppp.c"},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a"},{"signature_type":"Function","id":"CVE-2017-13029-6c3e292f","signature_version":"v1","deprecated":false,"digest":{"length":5258,"function_hash":"261245867450440574275710384610460527176"},"target":{"file":"print-ppp.c","function":"print_lcp_config_options"},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a"},{"signature_type":"Function","id":"CVE-2017-13029-e2940345","signature_version":"v1","deprecated":false,"digest":{"length":2742,"function_hash":"15514114099264362975027729879385611567"},"target":{"file":"print-ppp.c","function":"print_ipcp_config_options"},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13029.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}