Details of VAR-201709-0094

ID

VAR-201709-0094

CVE

CVE-2015-3138

TITLE

tcpdump Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282

DESCRIPTION

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). tcpdump Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TcpDump can completely intercept the data packets transmitted in the network for analysis. It supports filtering for the network layer, protocol, host, network or port, and provides logical statements such as and, or, not to help you remove useless information

Trust: 2.16

sources: NVD: CVE-2015-3138 // JVNDB: JVNDB-2015-007941 // CNVD: CNVD-2017-34692

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-34692

AFFECTED PRODUCTS

vendor:	opensuse	model:	leap	scope:	eq	version:	42.1	Trust: 2.4
vendor:	opensuse	model:	leap	scope:	eq	version:	42.2	Trust: 2.4
vendor:	tcpdump	model:	tcpdump	scope:	lte	version:	4.7.3	Trust: 1.0
vendor:	the tcpdump group	model:	tcpdump	scope:	lt	version:	4.7.4	Trust: 0.8
vendor:	tcpdump	model:	tcpdump	scope:	lt	version:	4.7.4	Trust: 0.6

sources: CNVD: CNVD-2017-34692 // JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282 // NVD: CVE-2015-3138

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3138
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-3138
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-34692
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-1282
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2015-3138
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-34692
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2015-3138
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-34692 // JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282 // NVD: CVE-2015-3138

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2015-007941 // NVD: CVE-2015-3138

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1282

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201709-1282

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007941

PATCH

title:	whiteboard: fixup a few reversed tests (GH #446)	url:	https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70	Trust: 0.8
title:	CVE-2015-3138 over-read issues in tcpdump Whiteboard decoder #446	url:	https://github.com/the-tcpdump-group/tcpdump/issues/446	Trust: 0.8
title:	openSUSE-SU-2017:1199	url:	https://lists.opensuse.org/opensuse-updates/2017-05/msg00018.html	Trust: 0.8
title:	Bug 1212342	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1212342	Trust: 0.8
title:	Patch for Tcpdump Denial of Service Vulnerability (CNVD-2017-34692)	url:	https://www.cnvd.org.cn/patchInfo/show/106498	Trust: 0.6
title:	tcpdump Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75180	Trust: 0.6

sources: CNVD: CNVD-2017-34692 // JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3138	Trust: 3.0
db:	JVNDB	id:	JVNDB-2015-007941	Trust: 0.8
db:	CNVD	id:	CNVD-2017-34692	Trust: 0.6
db:	CNNVD	id:	CNNVD-201709-1282	Trust: 0.6

sources: CNVD: CNVD-2017-34692 // JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282 // NVD: CVE-2015-3138

REFERENCES

url:	http://lists.opensuse.org/opensuse-updates/2017-05/msg00018.html	Trust: 1.6
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1212342	Trust: 1.6
url:	https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70	Trust: 1.6
url:	https://github.com/the-tcpdump-group/tcpdump/issues/446	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3138	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3138	Trust: 0.8

sources: CNVD: CNVD-2017-34692 // JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282 // NVD: CVE-2015-3138

SOURCES

db:	CNVD	id:	CNVD-2017-34692
db:	JVNDB	id:	JVNDB-2015-007941
db:	CNNVD	id:	CNNVD-201709-1282
db:	NVD	id:	CVE-2015-3138

LAST UPDATE DATE

2024-08-14T15:08:14.768000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34692	date:	2017-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2015-007941	date:	2017-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201709-1282	date:	2017-10-09T00:00:00
db:	NVD	id:	CVE-2015-3138	date:	2018-10-30T16:27:33.013

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-34692	date:	2017-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2015-007941	date:	2017-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201709-1282	date:	2017-09-27T00:00:00
db:	NVD	id:	CVE-2015-3138	date:	2017-09-28T01:29:00.560