CVE Vulnerabilities

CVE-2003-1029

Published: Feb 17, 2004 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.

Affected Software

Name Vendor Start Version End Version
Tcpdump Lbl 3.4 (including) 3.4 (including)
Tcpdump Lbl 3.5 (including) 3.5 (including)
Tcpdump Lbl 3.5.2 (including) 3.5.2 (including)
Tcpdump Lbl 3.6.2 (including) 3.6.2 (including)
Tcpdump Lbl 3.6.3 (including) 3.6.3 (including)
Tcpdump Lbl 3.7 (including) 3.7 (including)

References