ID

VAR-201709-0094


CVE

CVE-2015-3138


TITLE

tcpdump Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282

DESCRIPTION

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). tcpdump Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TcpDump can completely intercept the data packets transmitted in the network for analysis. It supports filtering for the network layer, protocol, host, network or port, and provides logical statements such as and, or, not to help you remove useless information

Trust: 2.16

sources: NVD: CVE-2015-3138 // JVNDB: JVNDB-2015-007941 // CNVD: CNVD-2017-34692

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34692

AFFECTED PRODUCTS

vendor:opensusemodel:leapscope:eqversion:42.1

Trust: 2.4

vendor:opensusemodel:leapscope:eqversion:42.2

Trust: 2.4

vendor:tcpdumpmodel:tcpdumpscope:lteversion:4.7.3

Trust: 1.0

vendor:the tcpdump groupmodel:tcpdumpscope:ltversion:4.7.4

Trust: 0.8

vendor:tcpdumpmodel:tcpdumpscope:ltversion:4.7.4

Trust: 0.6

sources: CNVD: CNVD-2017-34692 // JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282 // NVD: CVE-2015-3138

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3138
value: HIGH

Trust: 1.0

NVD: CVE-2015-3138
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34692
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-1282
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2015-3138
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34692
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2015-3138
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34692 // JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282 // NVD: CVE-2015-3138

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2015-007941 // NVD: CVE-2015-3138

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1282

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201709-1282

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007941

PATCH

title:whiteboard: fixup a few reversed tests (GH #446)url:https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70

Trust: 0.8

title:CVE-2015-3138 over-read issues in tcpdump Whiteboard decoder #446url:https://github.com/the-tcpdump-group/tcpdump/issues/446

Trust: 0.8

title:openSUSE-SU-2017:1199url:https://lists.opensuse.org/opensuse-updates/2017-05/msg00018.html

Trust: 0.8

title:Bug 1212342url:https://bugzilla.redhat.com/show_bug.cgi?id=1212342

Trust: 0.8

title:Patch for Tcpdump Denial of Service Vulnerability (CNVD-2017-34692)url:https://www.cnvd.org.cn/patchInfo/show/106498

Trust: 0.6

title:tcpdump Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75180

Trust: 0.6

sources: CNVD: CNVD-2017-34692 // JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282

EXTERNAL IDS

db:NVDid:CVE-2015-3138

Trust: 3.0

db:JVNDBid:JVNDB-2015-007941

Trust: 0.8

db:CNVDid:CNVD-2017-34692

Trust: 0.6

db:CNNVDid:CNNVD-201709-1282

Trust: 0.6

sources: CNVD: CNVD-2017-34692 // JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282 // NVD: CVE-2015-3138

REFERENCES

url:http://lists.opensuse.org/opensuse-updates/2017-05/msg00018.html

Trust: 1.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=1212342

Trust: 1.6

url:https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70

Trust: 1.6

url:https://github.com/the-tcpdump-group/tcpdump/issues/446

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-3138

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3138

Trust: 0.8

sources: CNVD: CNVD-2017-34692 // JVNDB: JVNDB-2015-007941 // CNNVD: CNNVD-201709-1282 // NVD: CVE-2015-3138

SOURCES

db:CNVDid:CNVD-2017-34692
db:JVNDBid:JVNDB-2015-007941
db:CNNVDid:CNNVD-201709-1282
db:NVDid:CVE-2015-3138

LAST UPDATE DATE

2024-08-14T15:08:14.768000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-34692date:2017-11-21T00:00:00
db:JVNDBid:JVNDB-2015-007941date:2017-10-17T00:00:00
db:CNNVDid:CNNVD-201709-1282date:2017-10-09T00:00:00
db:NVDid:CVE-2015-3138date:2018-10-30T16:27:33.013

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-34692date:2017-11-21T00:00:00
db:JVNDBid:JVNDB-2015-007941date:2017-10-17T00:00:00
db:CNNVDid:CNNVD-201709-1282date:2017-09-27T00:00:00
db:NVDid:CVE-2015-3138date:2017-09-28T01:29:00.560