CVE-2015-0261
tcpdump - security update
EPSS 1.4%
Description
Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.
How to fix CVE-2015-0261
To remediate CVE-2015-0261, upgrade the affected package to one of the fixed versions listed below.
- Debian/tcpdump—upgrade to 4.6.2-4 or later
- Debian/tcpdump—upgrade to 4.1.1-1+deb6u2 or later
- Debian/tcpdump—upgrade to 4.3.0-1+deb7u2 or later
Is CVE-2015-0261 being exploited?
Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 4.6.2-4
- from 0, < 4.1.1-1+deb6u2
- from 0, < 4.3.0-1+deb7u2