CVE-2014-8767
tcpdump - security update
EPSS 6.5%
Description
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.
How to fix CVE-2014-8767
To remediate CVE-2014-8767, upgrade the affected package to one of the fixed versions listed below.
- Debian/tcpdump—upgrade to 4.6.2-2 or later
- Debian/tcpdump—upgrade to 4.1.1-1+deb6u1 or later
- Debian/tcpdump—upgrade to 4.3.0-1+deb7u1 or later
Is CVE-2014-8767 being exploited?
Moderate — EPSS is 6.5%. Track this CVE, but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 4.6.2-2
- from 0, < 4.1.1-1+deb6u1
- from 0, < 4.3.0-1+deb7u1