CVE-2020-8037

moderate-risk
Published 2020-11-04

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Debian Apple Tcpdump Fedoraproject

References (16)

Mailing List http://seclists.org/fulldisclosure/2021/Apr/51
Patch https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd...
Mailing List https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://support.apple.com/kb/HT212325
Third Party Advisory https://support.apple.com/kb/HT212326
Third Party Advisory https://support.apple.com/kb/HT212327
Mailing List http://seclists.org/fulldisclosure/2021/Apr/51
Patch https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd...
Mailing List https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://support.apple.com/kb/HT212325
Third Party Advisory https://support.apple.com/kb/HT212326
Third Party Advisory https://support.apple.com/kb/HT212327
47
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate