{"id":"CVE-2017-13042","details":"The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().","modified":"2026-04-16T06:15:45.626120154Z","published":"2017-09-14T06:29:02.780Z","related":["SUSE-SU-2017:2854-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039307"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/39582c04cc5e34054b2936b423072fb9df2ff6ef"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"last_affected":"993a67c8e648bc8b19881e29a60f41273cfbee7b"},{"fixed":"39582c04cc5e34054b2936b423072fb9df2ff6ef"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.9.1"}]}}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp","tcpdump-4.9.0","tcpdump-4.9.0-bp","tcpdump-4.9.1"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","id":"CVE-2017-13042-1f39d2d2","target":{"file":"print-hncp.c"},"digest":{"threshold":0.9,"line_hashes":["271291941724673615232417132637518384269","26677000921868014255256920594760141729","309734749288011757570807663444403848149","10411421256108217757264424966383925420","225917642202699590963619218400178643302","253769488728218380134974015218682599142","172467566841741380615140722830442186602","315415057899283192826447604930330826938"]},"signature_version":"v1","deprecated":false,"source":"https://github.com/the-tcpdump-group/tcpdump/commit/39582c04cc5e34054b2936b423072fb9df2ff6ef"},{"target":{"file":"print-hncp.c","function":"dhcpv6_print"},"signature_type":"Function","id":"CVE-2017-13042-4bc5d803","digest":{"length":1003,"function_hash":"314864348627341437947351339301548824680"},"deprecated":false,"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/39582c04cc5e34054b2936b423072fb9df2ff6ef"}],"vanir_signatures_modified":"2026-04-11T04:47:33Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13042.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}