{"id":"CVE-2017-13026","details":"The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.","modified":"2026-04-16T01:39:36.828061230Z","published":"2017-09-14T06:29:02.217Z","related":["SUSE-SU-2017:2854-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039307"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"ADVISORY","url":"https://github.com/the-tcpdump-group/tcpdump/commit/b20e1639dbac84b3fcb393858521c13ad47a9d70"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"REPORT","url":"https://github.com/the-tcpdump-group/tcpdump/commit/b20e1639dbac84b3fcb393858521c13ad47a9d70"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/b20e1639dbac84b3fcb393858521c13ad47a9d70"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"fixed":"b20e1639dbac84b3fcb393858521c13ad47a9d70"}]}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp","tcpdump-4.9.0-bp"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13026.json","vanir_signatures":[{"source":"https://github.com/the-tcpdump-group/tcpdump/commit/b20e1639dbac84b3fcb393858521c13ad47a9d70","id":"CVE-2017-13026-39e904f0","signature_type":"Function","deprecated":false,"digest":{"length":2595,"function_hash":"25864194697234152390102819753792648992"},"signature_version":"v1","target":{"file":"print-isoclns.c","function":"isis_print_mt_capability_subtlv"}},{"digest":{"function_hash":"124003423342110175779392083126313169948","length":1994},"deprecated":false,"signature_type":"Function","id":"CVE-2017-13026-a9de494b","source":"https://github.com/the-tcpdump-group/tcpdump/commit/b20e1639dbac84b3fcb393858521c13ad47a9d70","signature_version":"v1","target":{"file":"print-isoclns.c","function":"isis_print_mt_port_cap_subtlv"}},{"source":"https://github.com/the-tcpdump-group/tcpdump/commit/b20e1639dbac84b3fcb393858521c13ad47a9d70","id":"CVE-2017-13026-dfca38bb","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["127190199921719513479520465953617257257","210069435916775258403101888348178321999","296042143337105689998759820040866278229","316221183175476160351350455837625815543","214057216158033640595235677807763072048","9772792205818488953152104150636390726","336960640809661007482608854085228400538","254850850927962970350125009120686986420","303158082907701333322668702902336803748","15759910400451539932521761834823935340","148750473565930596314896722399790428528","67129167222992523632293250325086256579","260531310773045303256401843046971790512","6463536529664186164024205562949722781","331792360114617310877076191004574815369","19575806156255957066124363278575099106","218300560677456800656683721770874927904","149162823171522781195623101989835150163","47660783279411917702718447105756485198","163846481103781554503437105153590597574","149632730543128030054364785021798086398","278430730349582942444564196221861908334","177352614473823209271112051885639198166","231176161426228114157426538907824540337","94513813759104666762842881438041164344","337932534989999462895497080535439074391","215610623773910452048423974654361564405","109274691938949294800231097760711051283","11440194145400312876605330323298995377","86641638254889369982859525389601801597","123890006887829624960676999719880033188","103636322666914484820422565664507865143","261165616218803672595005730472613996203","330048734140082341341104425196038564113","194018544671910943289741621752355400111","96169057650297514766903841905878883190","103298329085228962756679304270232384483","226422646962418002163160529281622315428","18109905741285251012175914807313051249","16005707821783007815482866254495297126","39302910621898167293865526273311332327","163365333947463192760216260292028193514","220874209762409506206246963739310088927","51124951514484930441462541067583068461","289706994965178380459040848280592145411","226349168921439104179362238953771886956","296042143337105689998759820040866278229","238888627684755009881872369594127192658","214057216158033640595235677807763072048","9772792205818488953152104150636390726","33869227203802164588011071513489856381","67887123929556866306095510220690608332","9557528804761320850742180125957418047","197185408678204589044146297787978200582","225492116918607489522348133594782997182","77956669151261769531974984898149801803","56336475691435769169069000701138796025","294246766464918591220959956653900398009","302615726303585843001330526070108399485","309836571399747923605516934712226151480","51306322863229051936345509983554598360","197289937838406889096153806020983930687","125118522068229089866659936087144094179","332528112269175734018777266642591931824","14799043247237734291952997188588375146","230505847897085237545998074409589204175","217271968593038181023021007183095178725","469507758691939335872763084144667842","256802715954552916976042374566190915598","197449326656641653866564272069772656689","208815418482110578702240025686331078934","273044645211350846033584871890401335473","163365333947463192760216260292028193514","220874209762409506206246963739310088927","51124951514484930441462541067583068461"],"threshold":0.9},"signature_version":"v1","target":{"file":"print-isoclns.c"}}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}