{"id":"CVE-2020-8037","details":"The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.","modified":"2026-04-16T04:33:10.177632721Z","published":"2020-11-04T18:15:20.843Z","related":["ALSA-2021:4236","SUSE-SU-2020:3358-1","SUSE-SU-2020:3360-1","openSUSE-SU-2020:1983-1","openSUSE-SU-2020:1986-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z/"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT212325"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT212326"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT212327"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2021/Apr/51"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"last_affected":"d9a693b043262f1999ee7aba28acadfd0f77cc38"},{"fixed":"32027e199368dad9508965aae8cd8de5b6ab5231"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.9.3"}]}}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp","tcpdump-4.9.0","tcpdump-4.9.0-bp","tcpdump-4.9.1","tcpdump-4.9.2","tcpdump-4.9.3"],"database_specific":{"vanir_signatures_modified":"2026-04-11T17:01:35Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"fixed":"10.14.6"}]},{"events":[{"introduced":"10.15"},{"fixed":"10.15.7"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-security_update_2019\\-001"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-security_update_2019\\-002"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-security_update_2020\\-001"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-security_update_2020\\-002"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-security_update_2020\\-003"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-security_update_2020\\-004"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-security_update_2020\\-005"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-security_update_2020\\-006"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-security_update_2020\\-007"}]},{"events":[{"introduced":"0"},{"last_affected":"10.14.6-security_update_2021\\-001"}]},{"events":[{"introduced":"0"},{"last_affected":"10.15.7-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"10.15.7-security_update_2020\\-001"}]},{"events":[{"introduced":"0"},{"last_affected":"10.15.7-security_update_2021\\-001"}]},{"events":[{"introduced":"0"},{"last_affected":"10.15.7-supplemental_update"}]},{"events":[{"introduced":"11.0"},{"fixed":"11.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8037.json","vanir_signatures":[{"signature_type":"Function","digest":{"length":1251,"function_hash":"114072365358220823879709176952693676320"},"id":"CVE-2020-8037-625654ac","target":{"function":"ppp_hdlc","file":"print-ppp.c"},"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231","deprecated":false},{"signature_type":"Line","digest":{"line_hashes":["75602926860762894768813751569532021359","9867738560598064159077092336868710730","226286868117138916932261892023417786878","312535365908525278831835037643938069206","193708830256193212648148804585932547330","225582233472056077528484568223799068742","87512221018872648189638407990642100373","331997209997900974668790162158431339155","32254091627956064590784894660703272575","275556175249599490980814440375788132190","79058067046007865613622272898805451482","96770968572884396529904239864250777959","15054595184741052885796942294073694432","169938687647837023712455514535228888440","179516277381903108913256904174120081207","188861693945644257165746229702332158795","241755533398317547277580406153182923367","277299685682914552613762330927893646226","43450640239716668424840137206990379970","169909079340584079484773553150578196492"],"threshold":0.9},"id":"CVE-2020-8037-df93f99f","target":{"file":"print-ppp.c"},"source":"https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231","signature_version":"v1","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}