CVE-2004-0183
tcpdump - denial of service
EPSS 30.2%
Description
TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPIs, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
How to fix CVE-2004-0183
To remediate CVE-2004-0183, upgrade the affected package to one of the fixed versions listed below.
- Debian/tcpdump: upgrade to 3.7.2-4 or later
- Debian/tcpdump: upgrade to 3.6.2-2.8 or later
Is CVE-2004-0183 being exploited?
Moderate — EPSS is 30.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/tcpdump: from 0, < 3.7.2-4
- Debian/tcpdump: from 0, < 3.6.2-2.8