PublicDateAtUSN: 2018-11-25 20:29:00 UTC
Candidate: CVE-2018-19519
PublicDate: 2018-11-25 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519
 https://github.com/zyingp/temp/blob/master/tcpdump.md
 https://ubuntu.com/security/notices/USN-4252-1
 https://ubuntu.com/security/notices/USN-4252-2
Description:
 In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix
 function of print-hncp.c via crafted packet data because of missing
 initialization.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/the-tcpdump-group/tcpdump/issues/763
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N [5.5 MEDIUM]


Patches_tcpdump:
upstream_tcpdump: released (4.9.3)
precise/esm_tcpdump: released (4.9.3-0ubuntu0.12.04.1)
trusty_tcpdump: ignored (out of standard support)
trusty/esm_tcpdump: released (4.9.3-0ubuntu0.14.04.1+esm1)
xenial_tcpdump: released (4.9.3-0ubuntu0.16.04.1)
esm-infra/xenial_tcpdump: released (4.9.3-0ubuntu0.16.04.1)
bionic_tcpdump: released (4.9.3-0ubuntu0.18.04.1)
disco_tcpdump: ignored (reached end-of-life)
eoan_tcpdump: not-affected (4.9.3-2)
devel_tcpdump: not-affected (4.9.3-4)