{"id":"CVE-2017-5203","details":"The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().","modified":"2026-04-10T03:33:45.963539Z","published":"2017-01-28T01:59:01.077Z","related":["MGASA-2017-0061","SUSE-SU-2017:0656-1","SUSE-SU-2017:1110-1","openSUSE-SU-2024:11425-1"],"references":[{"type":"WEB","url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3775"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95852"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1037755"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1871"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201702-30"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/tcpdump","events":[{"introduced":"0"},{"fixed":"cae54f4d943f163541dc7a90f7f5b432859955e4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.9.0"}]}}],"versions":["tcpdump-3.5.1","tcpdump-3.6.1","tcpdump-3.7.1","tcpdump-3.8-bp","tcpdump-4.5.0","tcpdump-4.6.0","tcpdump-4.6.0-bp","tcpdump-4.7.0-bp"],"database_specific":{"vanir_signatures_modified":"2026-04-10T03:33:45Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5203.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/cae54f4d943f163541dc7a90f7f5b432859955e4","signature_type":"Function","id":"CVE-2017-5203-2ba3af18","deprecated":false,"digest":{"function_hash":"31486734027380005103230538229483283558","length":2587},"target":{"function":"ethertype_print","file":"print-ether.c"}},{"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/cae54f4d943f163541dc7a90f7f5b432859955e4","signature_type":"Line","id":"CVE-2017-5203-4cb9a0ba","deprecated":false,"digest":{"line_hashes":["289962869142539033919548699903735971895","321187814844074319440356878954916582618","96278794428690994985504688327165122951","334924286569736786368128921431302191310"],"threshold":0.9},"target":{"file":"print-ether.c"}},{"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/cae54f4d943f163541dc7a90f7f5b432859955e4","signature_type":"Line","id":"CVE-2017-5203-7041f422","deprecated":false,"digest":{"line_hashes":["208063356587562841728207749352312617633","94369104648756919419866969560637031504","158530789875360221930177539868533298858","253446335086249471187651377860820435235"],"threshold":0.9},"target":{"file":"netdissect.h"}},{"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/cae54f4d943f163541dc7a90f7f5b432859955e4","signature_type":"Line","id":"CVE-2017-5203-90c9aa2a","deprecated":false,"digest":{"line_hashes":["114946376029719487727067709523051033051","227334674829184980067944298911146947115","210376600301944043403573276686938546462","178848560193805662289114191287577780030","275264082656881882204531968707571331121","125472290036734832543852872169378264835","173676936645231007527992549401569557625","288479365740565370114994721279060580351","109609806529605983880753254914716894236","142606612004130782709107352262636392155","29719618684433844042017610474921887645","226023839603229667093098466115918767045","72712425789080240366374511061789058613","151346982239502861005805789530967240933","336759652068049672908093915736280119824","206371089863004604069910662208531735471","223713852872945044680520491862189426699","190210319895479423224763214308807174099","79472329640795828550526242935079441795","337237102835808452012520121951202183188","326954748457766422394896389595937310919","164383034353028065510931221836837725166","232747210196469577238906567634162708264","100592845038565327953900512326475285722","109264432762985498185441714222958983220"],"threshold":0.9},"target":{"file":"print-medsa.c"}},{"signature_version":"v1","source":"https://github.com/the-tcpdump-group/tcpdump/commit/cae54f4d943f163541dc7a90f7f5b432859955e4","signature_type":"Function","id":"CVE-2017-5203-e7c0e582","deprecated":false,"digest":{"function_hash":"285468102648205064789132629197542510522","length":1324},"target":{"function":"medsa_print","file":"print-medsa.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}