{"id":"CVE-2017-13052","details":"The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().","modified":"2026-04-02T00:03:18.154175Z","published":"2017-09-14T06:29:03.153Z","related":["MGASA-2017-0335","SUSE-SU-2017:2854-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039307"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/5d340a5ca6e420a70297cdbdf777333f18bfdab7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"last_affected":"993a67c8e648bc8b19881e29a60f41273cfbee7b"},{"fixed":"5d340a5ca6e420a70297cdbdf777333f18bfdab7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.9.1"}]}}],"versions":["tcpdump-3.5.1","tcpdump-3.5.2","tcpdump-3.6.1","tcpdump-3.6.2","tcpdump-3.6.3","tcpdump-3.7.1","tcpdump-3.7.2","tcpdump-3.8-bp","tcpdump-3.8.1","tcpdump-3.8.2","tcpdump-3.8.3","tcpdump-3.9.1","tcpdump-3.9.2","tcpdump-3.9.3","tcpdump-3.9.5","tcpdump-3.9.6","tcpdump-3.9.7","tcpdump-3.9.8","tcpdump-4.0.0","tcpdump-4.1.0","tcpdump-4.1.1","tcpdump-4.2.1","tcpdump-4.3.0","tcpdump-4.4.0","tcpdump-4.5.0","tcpdump-4.5.1","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.6.1","tcpdump-4.7.0-bp","tcpdump-4.7.2","tcpdump-4.7.3","tcpdump-4.7.4","tcpdump-4.8.0","tcpdump-4.8.0-bp","tcpdump-4.8.1","tcpdump-4.9.0","tcpdump-4.9.0-bp","tcpdump-4.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13052.json","vanir_signatures":[{"signature_type":"Function","id":"CVE-2017-13052-8a931cb0","source":"https://github.com/the-tcpdump-group/tcpdump/commit/5d340a5ca6e420a70297cdbdf777333f18bfdab7","target":{"function":"cfm_network_addr_print","file":"print-cfm.c"},"signature_version":"v1","deprecated":false,"digest":{"length":485,"function_hash":"232540731291277148770520456182036462916"}},{"signature_type":"Line","id":"CVE-2017-13052-e4be6252","source":"https://github.com/the-tcpdump-group/tcpdump/commit/5d340a5ca6e420a70297cdbdf777333f18bfdab7","target":{"file":"print-cfm.c"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["80741822462077441123503422963199184776","150265555908817854105750076591173984920","201090491638076749405111983985118832302","15132964559816111241084487024918645654","6823738298761561224379280241936812706","327056877712625019181926988083714273239","238059367858253378455425665825975017676","186688970415895555014910777708615584904","83822530283452535160876622983499961331","143941441490390697267295529609839546801","152005731806711978043946382994559237914","46029461272162785421752664499464009865","291674265046957254903997936971976882156","133728706966789918636936938310637617590","165194018126357890257804646042374864591","153487549578650442071668972683637831840","60466690142558060555644709748607674937","162207167696064250715763758854224096924","159977122852790163271542853092652331099","200623859406511419853169001114125208684","185277800806865906708584170097942020162","228507359396161778641967714137889176977","157536928035373841109276507018729370468","205316541307473025297198188226625163932","323382930511496270419326466496138005160","251288258842993913982240343963169696240","56961560939322156693871682100314060658","117389890032957458971154799636246436735","163512650367956459129522207465886539014","340060252396749594433589744882227383569","243493027649654260348499606766819978390","325632913464661676582211132197644031851","285626316298976758187202063763394068566","104535032867544338110140263579457124772","30094850566290566754303488641533825293","240745086768054425757097496122829369768","9395181234138121465540071625295776081","313035326130967938293090546681618081401","160411019969075850623252656029467154206","58759855390860034822024603927379593231","186037650784257969430037123461113528018","156947453081944320649927394023279099679","187336350945291249891928149201368867277","235625617398205255566474064890310401351","278096600700421000357220850086419134705","116883193010023990608476468737250289876","210240921173319399228781462804237859203","52621746983056507435217092065663319124","68898828070657277399040415191913678539","266101808855159814341500180894444449167","284305812833742402090124447950746102500","261676423988628951342712455069875734952","169116614040360555801092475879572934897","29322825681409494274159577514512711441","329198458815204800680703944162628278773","205316541307473025297198188226625163932","247838775633360015907780489897699192500","156947453081944320649927394023279099679","187336350945291249891928149201368867277","235625617398205255566474064890310401351","278096600700421000357220850086419134705","116883193010023990608476468737250289876","210240921173319399228781462804237859203","52621746983056507435217092065663319124","284305812833742402090124447950746102500","261676423988628951342712455069875734952","84709343714629784651636225228239283628","186848264368413900166907238867269186943","189586465429336928909384022744067527862","324486746029549912334155125643073166615"],"threshold":0.9}},{"signature_type":"Function","id":"CVE-2017-13052-e54351e2","source":"https://github.com/the-tcpdump-group/tcpdump/commit/5d340a5ca6e420a70297cdbdf777333f18bfdab7","target":{"function":"cfm_print","file":"print-cfm.c"},"signature_version":"v1","deprecated":false,"digest":{"length":8767,"function_hash":"94995995543402001394332382772502495613"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}