{"id":"CVE-2017-12900","details":"Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().","modified":"2026-04-16T01:44:27.903203303Z","published":"2017-09-14T06:29:00.467Z","related":["SUSE-SU-2017:2854-1","SUSE-SU-2019:14191-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1039307"},{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"ADVISORY","url":"https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"REPORT","url":"https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"fixed":"0318fa8b61bd6c837641129d585f1a73c652b1e0"}]}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp","tcpdump-4.9.0-bp"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12900.json","vanir_signatures":[{"deprecated":false,"target":{"file":"print-lldp.c"},"signature_type":"Line","id":"CVE-2017-12900-13ba2548","source":"https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["249792396176372392899668153153011385128","203561160431601188015626403175706537592","147836605465189813655155649870614887423","73117280770744554929234499326241577374"]}},{"signature_version":"v1","id":"CVE-2017-12900-794d90fa","signature_type":"Line","deprecated":false,"source":"https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0","target":{"file":"print-zephyr.c"},"digest":{"threshold":0.9,"line_hashes":["187866627452079226450449730478816644335","96089795993813924729169146911821348228","44510747311602326313973868301826425550","180728348787287198707532452509364407212"]}},{"id":"CVE-2017-12900-cd7332e3","target":{"file":"print-lspping.c"},"signature_type":"Line","deprecated":false,"source":"https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["169577120722358044768187932787943922402","212303081025250594234528128259298295498","66853058011606276969496307019452103484","278148100220678628931403813243130346977"]}},{"deprecated":false,"target":{"file":"print-bgp.c"},"signature_type":"Line","id":"CVE-2017-12900-cd9b4fdb","source":"https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["219042723296988811246376927418514898062","88209263465382211686591578184849709099","202916208505590268428786864682072942787","225295460996470136666675446229536616432"]}}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}