CVE-2007-3798

CRITICAL EPSS 99.3%
Published Jul 16, 200718y ago · Modified Jun 16, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Jul 16, 2007 18y ago
Last Modified Jun 16, 2026 2w ago

Description

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
99.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-252

Affected Products 49

VendorProductVersionRange
tcpdumptcpdump* ≤3.9.6
canonicalubuntu_linux6.06any
canonicalubuntu_linux6.10any
canonicalubuntu_linux7.04any
debiandebian_linux3.1any
debiandebian_linux4.0any
slackwareslackware9.0any
slackwareslackware9.1any
slackwareslackware10.0any
slackwareslackware10.1any
slackwareslackware10.2any
slackwareslackware11.0any
slackwareslackware12.0any
freebsdfreebsd*≥5.0  –  <5.5
freebsdfreebsd*≥6.0  –  <6.1
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd5.5any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.1any
freebsdfreebsd6.2any
freebsdfreebsd6.2any
freebsdfreebsd6.2any
freebsdfreebsd6.2any
freebsdfreebsd6.2any
applemac_os_x*≥10.0.0  –  <10.4.11
applemac_os_x_server*≥10.0.0  –  <10.4.11

References 35

  • bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=184815
    Third Party Advisory
  • cvs.tcpdump.org http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
    Broken Link
  • docs.info.apple.com http://docs.info.apple.com/article.html?artnum=307179
    Broken Link
  • lists.apple.com http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
    Mailing List
  • secunia.com http://secunia.com/advisories/26135
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/26168
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/26223
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/26231
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/26263
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/26266
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/26286
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/26395
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/26404
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/26521
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/27580
    Broken LinkVendor Advisory
  • secunia.com http://secunia.com/advisories/28136
    Broken LinkVendor Advisory
  • security.freebsd.org http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
    Third Party Advisory
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200707-14.xml
    Third Party Advisory
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
    Mailing ListPatch
  • debian.org http://www.debian.org/security/2007/dsa-1353
    Third Party Advisory
  • digit-labs.org http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
    Exploit
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
    Third Party Advisory
  • novell.com http://www.novell.com/linux/security/advisories/2007_16_sr.html
    Broken Link
  • redhat.com http://www.redhat.com/support/errata/RHSA-2007-0368.html
    Broken Link
  • redhat.com http://www.redhat.com/support/errata/RHSA-2007-0387.html
    Broken LinkVendor Advisory
  • securityfocus.com http://www.securityfocus.com/archive/1/474225/100/0/threaded
    Broken LinkThird Party AdvisoryVDB Entry
  • securityfocus.com http://www.securityfocus.com/bid/24965
    Broken LinkThird Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id?1018434
    Broken LinkThird Party AdvisoryVDB Entry
  • trustix.org http://www.trustix.org/errata/2007/0023/
    Broken Link
  • turbolinux.com http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
    Broken Link
  • ubuntu.com http://www.ubuntu.com/usn/usn-492-1
    Third Party Advisory
  • us-cert.gov http://www.us-cert.gov/cas/techalerts/TA07-352A.html
    Broken LinkThird Party AdvisoryUS Government Resource
  • vupen.com http://www.vupen.com/english/advisories/2007/2578
    Broken LinkVendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2007/4238
    Broken LinkVendor Advisory
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
    Broken Link

Remediation

  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
    Mailing ListPatch