PublicDateAtUSN: 2014-11-20
Candidate: CVE-2014-8768
PublicDate: 2014-11-20 17:50:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8768
 http://www.securityfocus.com/archive/1/534010/30/0/threaded
 https://ubuntu.com/security/notices/USN-2433-1
Description:
 Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0
 through 4.6.2, when in verbose mode, allow remote attackers to cause a
 denial of service (segmentation fault and crash) via a crafted length value
 in a Geonet frame.
Ubuntu-Description:
Notes:
 mdeslaur> introduced in 4.5.0
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770415
Priority: low
Discovered-by: Steffen Bauch
Assigned-to: mdeslaur
CVSS: 

Patches_tcpdump:
 upstream: https://github.com/the-tcpdump-group/tcpdump/commit/9255c9b05b0a04b8d89739b3efcb9f393a617fe9
upstream_tcpdump: released (4.6.2-2)
lucid_tcpdump: not-affected (4.0.0-6ubuntu3)
precise_tcpdump: not-affected (4.2.1-1ubuntu2)
trusty_tcpdump: released (4.5.1-2ubuntu1.1)
trusty/esm_tcpdump: released (4.5.1-2ubuntu1.1)
utopic_tcpdump: released (4.6.2-1ubuntu1.1)
devel_tcpdump: not-affected (4.6.2-3ubuntu1)