{"id":"CVE-2017-13037","details":"The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().","modified":"2026-04-16T06:17:52.156816446Z","published":"2017-09-14T06:29:02.607Z","related":["SUSE-SU-2017:2854-1","SUSE-SU-2019:14191-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039307"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/2c2cfbd2b771ac888bc5c4a6d922f749d3822538"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"last_affected":"993a67c8e648bc8b19881e29a60f41273cfbee7b"},{"fixed":"2c2cfbd2b771ac888bc5c4a6d922f749d3822538"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.9.1"}]}}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp","tcpdump-4.9.0","tcpdump-4.9.0-bp","tcpdump-4.9.1"],"database_specific":{"vanir_signatures":[{"digest":{"line_hashes":["336377117596429502960058157619433948649","189398013363513858156678024811608537329","148339011869887250840719193034275973883","28356840079853476485763553559728124634","157745029847229242797395285292526325935","162813019878784182606214370631171151313","288684731262701365466766239826103293255","327976177238145923061637098437128017022","76063473073604295644937923374790765505","242353278293474977939165151067276364779","253230232289192269631127197770598583433","48635916872931355285158205108167120342","111051459127465545800341184446146878653","95812415148527599353961080956626514358","77705109493153375985621689644762918152","113430747889973595488818513606603743360","293128686147130806660138420038965641013","324906923594382748607906952099412577061","132891716252296611292459497293341294354","68616511144132872882517092221549816969","64863351054738544733110440953135853609","235015707932675413577446019574376227274","231198887189859508935021192423792801746","236094583927751880301348870841565512974","310229097001020502726371795259096264076","243173126141132424076657870246516037669","157338938410059069451775677542539479397","16242273198838324525767500062398018898","273057003075554678857283301569954132542"],"threshold":0.9},"signature_type":"Line","target":{"file":"print-ip.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/the-tcpdump-group/tcpdump/commit/2c2cfbd2b771ac888bc5c4a6d922f749d3822538","id":"CVE-2017-13037-68291a29"},{"digest":{"function_hash":"286796032707311030437708772389029766749","length":1396},"target":{"function":"ip_printts","file":"print-ip.c"},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/2c2cfbd2b771ac888bc5c4a6d922f749d3822538","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2017-13037-750b7747"},{"digest":{"function_hash":"122333067993602713736282066434912333632","length":1251},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/2c2cfbd2b771ac888bc5c4a6d922f749d3822538","target":{"function":"ip_optprint","file":"print-ip.c"},"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2017-13037-d30eb1af"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13037.json","vanir_signatures_modified":"2026-04-11T03:57:01Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}