{"id":"CVE-2017-13040","details":"The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.","modified":"2026-02-16T10:04:40.314859Z","published":"2017-09-14T06:29:02.717Z","related":["MGASA-2017-0335","SUSE-SU-2017:2854-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3971"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039307"},{"type":"ADVISORY","url":"http://www.tcpdump.org/tcpdump-changes.txt"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:0705"},{"type":"ADVISORY","url":"https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-23"},{"type":"REPORT","url":"https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"fixed":"4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c"}]}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp","tcpdump-4.9.0-bp"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13040.json","vanir_signatures":[{"signature_type":"Function","source":"https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c","digest":{"length":292,"function_hash":"149289269210300368877948464289125886636"},"id":"CVE-2017-13040-1a32e23d","target":{"function":"mp_dss_len","file":"print-mptcp.c"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","source":"https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c","digest":{"length":1090,"function_hash":"115113868048833612989905763553185272988"},"id":"CVE-2017-13040-4a44f036","target":{"function":"mp_dss_print","file":"print-mptcp.c"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","source":"https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c","digest":{"length":1007,"function_hash":"123477414917799137847310290251493575392"},"id":"CVE-2017-13040-94e7a223","target":{"function":"mp_join_print","file":"print-mptcp.c"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","source":"https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c","digest":{"threshold":0.9,"line_hashes":["93190240881347835246722243666573112304","70855635515785349428299759792128239660","297396432376449089260317951347313562102","98062044302491389874269132693371196909","146305333581506304626434501942631997983","220638378375047387680969444463147456697","6620550358785242452871912769719821758","51135041605402199213325120337947596605","262399405073449951259031745480976549412","69004193498316301403076514562110382015","292859506668500452070250549688671583252","336943224953604874465187610808892021930","266557296601182865387023966106372834294","53609704366388345375283992956665965156","196026732900564525607327221862010116533","157078669116610267863036532637938509152","183006953262866046420297432653570335794","86676533478606018733245712071641001157","75084676669396332994766629949165765485","115356938794095728760515212099211369879","245376015005167909853470701820838986899","196809175774273555273320443807871934255","84491524050525597658692491766966367407","113897487970483868525364177800484968740","114708907366650472062612940818719854456","269391363235166521812671835658856644624","137173400538161393720190376048044140058","272592100600461021256605895391267314766","263919560382377776482573540234308164396","92656689899839399687732823894761493205","161218752549466797674287689263476330488","295542887781937266877669166905763604679","43928838613572668962539194403869635016","141146078800833594475831811101348007524","256214417694125540534598486624143339846","4970104687644394391617437175977807158","8378448981372542342253874066935028880","17737485250048290027917621473976221962","104906119851784625272243359684805082762","238051892413470962213959967851503259859","220166466867270786265343987424888588459","15175401365066520578241270054121567600","198008891560917412614326597175466411188","101927418865186341471191330143027226039","53815777605899695153245430599131040150","9885257140092283003312137367866416959","337884753507624122991439824994835914499","143059308130579002234986246806944255312","246516021993760246507984005592064912672","50028500996018536088379985819629745375","81861833528980780543201233323008529412","15175401365066520578241270054121567600","198008891560917412614326597175466411188","101927418865186341471191330143027226039","2032651688856025482453806503897778726","61033630690440186826642354108588359847","311764571616330757034112354091222593939","332452341679817671547387899717209356949","299752817102494396569493633994368646538","197978489739725840457214495348425412768","255132433542244586756073099954922686795","26933712174257974969883149343363520814","330721030244498386900150197378158951467","189825879627495670782481280907387652693"]},"id":"CVE-2017-13040-a8ed9d24","target":{"file":"print-mptcp.c"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","source":"https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c","digest":{"length":689,"function_hash":"172192805218409241890078308098541939597"},"id":"CVE-2017-13040-deeb94ff","target":{"function":"mp_capable_print","file":"print-mptcp.c"},"deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}