CVE-2015-2154
EPSS 1.8%
Description
The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.
How to fix CVE-2015-2154
To remediate CVE-2015-2154, upgrade the affected package to the fixed version listed below.
- Debian/tcpdump: upgrade to 4.6.2-4 or later
Is CVE-2015-2154 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/tcpdump: from 0, < 4.6.2-4