{"id":"CVE-2017-13009","details":"The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().","modified":"2026-02-16T10:04:21.293957Z","published":"2017-09-14T06:29:01.607Z","related":["MGASA-2017-0335","SUSE-SU-2017:2854-1","SUSE-SU-2019:14191-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1039307"},{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"ADVISORY","url":"https://github.com/the-tcpdump-group/tcpdump/commit/db8c799f6dfc68765c9451fcbfca06e662f5bd5f"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"REPORT","url":"https://github.com/the-tcpdump-group/tcpdump/commit/db8c799f6dfc68765c9451fcbfca06e662f5bd5f"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/db8c799f6dfc68765c9451fcbfca06e662f5bd5f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"fixed":"db8c799f6dfc68765c9451fcbfca06e662f5bd5f"}]}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp","tcpdump-4.9.0-bp"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2017-13009-bd28a314","target":{"file":"print-mobility.c"},"signature_type":"Line","digest":{"line_hashes":["234336878474384708427175196259430270535","298344445882304071452228613038770209582","285693068405845694162644915113142030057","62791597753041845556370966323581660457","313232882752054436169099116818386108773","252580815526277090766585413859216533063","285693068405845694162644915113142030057","281617827713227537654569541647933096749","4415564542781331037917695057692305566","99327614717100166854620837965346952261","264767423360634760744780799932288400979","154051172441574365569744158968866616234","114720586672526779666389065944230257553","231910312788443164837089486845675653104","199699086715691308298720673519608407329","165810960290965296679621845984728035524","187900299945216593297092750220143750378","181730557969849989110038525915321965148","100474168979904691881384430968304747556","275724834326419467331347677681740709636","59284278426268529923729292256353664039","266057581085670031398855051786562952692","331798279224493516429919150128771764561","338188315974508979308409268433506799592","102765003821211087838727826282038657538","104692071820677036742951212598380555759","105432996161127581266490691879022243511","77453860719682699964320788583778124577","145530657233521137855203973755828525669","165074276051844453429759818749891320962","300260363717765982358445701213046441168","126567815748666658821722029792171473565","149646355514421098307140092078950212264","174562165237359371102738316847029788456","244291096427250790336870711868591750007","279968696151388708693561917280003162409","313494239679303061702198443674787955004","294802473751201133039006079640536585115","70624131908825635712357446448335074585","238814787795788113330060552522813826719","165074276051844453429759818749891320962","273224363712622787801294318907705615472","76658070863716878183301626804824292338","249305064551709912380198932569630007239","304794320628167767398721969247275998884"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/db8c799f6dfc68765c9451fcbfca06e662f5bd5f"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13009.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}