CVE-2017-12995 : What You Need to Know

Learn about CVE-2017-12995, a vulnerability in tcpdump versions before 4.9.2 that could lead to a denial of service. Find out how to mitigate the issue and protect your network.

A bug within the print-domain.c:ns_print() function in tcpdump versions prior to 4.9.2 could cause the DNS parser to become stuck in an endless loop.

Understanding CVE-2017-12995

What is CVE-2017-12995?

The DNS parser in tcpdump before version 4.9.2 could enter an infinite loop due to a bug in the print-domain.c:ns_print() function.

The Impact of CVE-2017-12995

This vulnerability could lead to a denial of service (DoS) condition by causing the DNS parser to get stuck in an endless loop, potentially disrupting network traffic analysis.

Technical Details of CVE-2017-12995

Vulnerability Description

The bug in the print-domain.c:ns_print() function in tcpdump versions prior to 4.9.2 could trigger an infinite loop in the DNS parser.

Affected Systems and Versions

        Affected versions: tcpdump versions before 4.9.2

Exploitation Mechanism

The vulnerability can be exploited with specially crafted DNS packets: when an affected tcpdump version decodes them, the DNS parser enters the infinite loop.

Mitigation and Prevention

Immediate Steps to Take

        Update tcpdump to version 4.9.2 or later to mitigate the vulnerability.
        Monitor vendor security advisories for patches and updates.

Long-Term Security Practices

        Regularly update and patch software to protect against known vulnerabilities.
        Implement network monitoring and intrusion detection systems to identify unusual network behavior.

Patching and Updates

        Apply patches and updates provided by the tcpdump vendor to address the vulnerability.
