{"id":"CVE-2017-13013","details":"The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.","modified":"2026-04-16T01:39:40.956125079Z","published":"2017-09-14T06:29:01.733Z","related":["SUSE-SU-2017:2854-1","SUSE-SU-2019:14191-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1039307"},{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"ADVISORY","url":"https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"REPORT","url":"https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"fixed":"13ab8d18617d616c7d343530f8a842e7143fb5cc"}]}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp","tcpdump-4.9.0-bp"],"database_specific":{"vanir_signatures":[{"target":{"file":"print-arp.c","function":"atmarp_print"},"digest":{"length":2377,"function_hash":"120720058613379764286434028053907257287"},"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc","signature_type":"Function","deprecated":false,"id":"CVE-2017-13013-64f0217c"},{"target":{"file":"print-arp.c","function":"arp_print"},"digest":{"length":2685,"function_hash":"334125166438401385834268988110510984839"},"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc","signature_type":"Function","deprecated":false,"id":"CVE-2017-13013-bf6d403d"},{"target":{"file":"print-arp.c"},"digest":{"line_hashes":["289421457496875284434448887101542912473","316503105046235545314453637352450429612","61778640420485910724142212365003252833","228572764734839754341536439547478080752","34094183822541012987068015310481221355","246859438574123516193374792186185473772","80626505142890602385585672841777422258","304919301808442608103704736100865144425","71253588607476481541822006038256971805","204182494541824437714674981671630162176","202302964204009040625907825830412487879","72884191634589572814459918552841824523","293885146656960987231321745253169414266","277291957186776057245011726335728309530","293026187528397076813901971931702164176","35903218526677602978808988863201194771","75206976895483153848620464414658736069","20549351655143604934549873749333012466","256556187080211877930556165548339467514","104071443967618205272353749272321719978","287714989233273571995253637466034980794","39744618006627816939870542239093798678","113670747163441267193221896624439778949","207113928547065266874631989741388674186","336881001119795321686215618798747046916","24594919834742498879898604031256110533","228374393448532318325832364791777388994","242986161628019899207810896959101771785","90523286215930579378627459087001239792","256506520110756328968586430087113640068","158181053987036687265642846671456231339","43895323595395760660656285057253886560","200269605534634149174392426761458837111","43872662543692258487123142702893052379","108593513024023077381970660215907548926","172128563972197499987112322005275491944","54630216236006796327336419889735337991","19277526733595240303366928353724910516","317216886702684525147243078252836964830","170770143272091575400375764695299831607","130702824140053832468656992223252188211","181682967945868769698264822202555257580","12859286393282247879500365084949113800","132766435400979969790816928409898752917","153276377072517550885364269807361538246","91250313021911208620575556777164566352","200436714306099589695008519236345181137","53695113742464634654948811092484183824","49984350220054005586430029877163106969","202964171700387884549808298951565491258","315393236913559389419007912545699861221","128870436566359802248815036501349686521","239743360412502470510470368077023260400","107139013890961210884172569588307713939","300839620193381952266344760619003539314","239719645637826916439158795628584665005","250297904291178698272841851216037180668","23763981750574975746326371655293166060"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc","signature_type":"Line","deprecated":false,"id":"CVE-2017-13013-f8999380"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13013.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}