CVE-2018-16230 : What You Need to Know

Learn about CVE-2018-16230 affecting Tcpdump version 4.9.3 and earlier. Discover the impact, affected systems, exploitation mechanism, and mitigation steps to secure your network.

Tcpdump version 4.9.3 and earlier have a buffer over-read vulnerability in the BGP parser, located in the bgp_attr_print() function of print-bgp.c and specifically relating to MP_REACH_NLRI.

Understanding CVE-2018-16230

The vulnerability in Tcpdump version 4.9.3 and earlier can lead to a buffer over-read issue in the BGP parser.

What is CVE-2018-16230?

The BGP parser in Tcpdump before version 4.9.3 has a buffer over-read vulnerability in the bgp_attr_print() function, specifically related to MP_REACH_NLRI.

The Impact of CVE-2018-16230

This vulnerability could allow an attacker to exploit the buffer over-read issue, potentially leading to information disclosure or denial of service.

Technical Details of CVE-2018-16230

Tcpdump version 4.9.3 and earlier are affected by this vulnerability.

Vulnerability Description

The BGP parser in Tcpdump before version 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

Affected Systems and Versions

        Product: n/a
        Vendor: n/a
        Versions affected: 4.9.3 and earlier

Exploitation Mechanism

The vulnerability can be exploited by crafting a malicious BGP packet to trigger the buffer over-read in the bgp_attr_print() function.
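A buffer over-read in a parser of this kind means reading fields past the end of the received attribute. The following added example (not tcpdump's code or its patch) shows a bounds-checked parser for an MP_REACH_NLRI attribute value laid out per RFC 4760; the function, struct and error-code names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { MP_TRUNCATED = -1, MP_BAD_PREFIX = -2 };   /* hypothetical error codes */
struct mp_reach { uint16_t afi; uint8_t safi, nh_len; const uint8_t *next_hop; };

/* Hand out n bytes only if they lie inside the attribute, else NULL. */
static const uint8_t *take(const uint8_t **p, size_t *left, size_t n)
{
    const uint8_t *out = *p;
    if (n > *left) return NULL;
    *p += n; *left -= n;
    return out;
}

/* Parse an MP_REACH_NLRI attribute value (RFC 4760 layout, plain IPv4/IPv6
 * prefixes only). Returns the NLRI prefix count or a negative error. */
int parse_mp_reach(const uint8_t *buf, size_t len, struct mp_reach *out)
{
    const uint8_t *p = buf, *f;
    size_t left = len;
    int count = 0;
    if (!(f = take(&p, &left, 4))) return MP_TRUNCATED;   /* AFI, SAFI, NH length */
    out->afi = (uint16_t)((f[0] << 8) | f[1]);
    out->safi = f[2];
    out->nh_len = f[3];
    if (!(out->next_hop = take(&p, &left, out->nh_len))) return MP_TRUNCATED;
    if (!take(&p, &left, 1)) return MP_TRUNCATED;          /* reserved octet */
    while (left > 0) {
        unsigned bits = *take(&p, &left, 1);               /* safe: left > 0 */
        if (bits > (out->afi == 2 ? 128u : 32u)) return MP_BAD_PREFIX;
        if (!take(&p, &left, (bits + 7) / 8)) return MP_TRUNCATED;
        count++;
    }
    return count;
}

/* Constructed samples: IPv4 unicast, next hop 192.0.2.1, NLRI 10.0.0.0/8. */
static const uint8_t sample_ok[] = { 0, 1, 1, 4, 192, 0, 2, 1, 0, 8, 10 };
/* Same header, but the next-hop length field (16) exceeds the data present. */
static const uint8_t sample_short[] = { 0, 1, 1, 16, 192, 0, 2, 1 };

int main(void)
{
    struct mp_reach r;
    printf("ok=%d short=%d\n", parse_mp_reach(sample_ok, sizeof sample_ok, &r),
           parse_mp_reach(sample_short, sizeof sample_short, &r));
    return 0;
}
```

Every length taken from the packet (next-hop length, prefix bit length) is compared against the bytes remaining before any read, so a truncated or inconsistent attribute is rejected instead of being read past its end.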

Mitigation and Prevention

It is crucial to take immediate steps to mitigate the risks posed by CVE-2018-16230.

Immediate Steps to Take

        Update Tcpdump to version 4.9.3 or later to patch the vulnerability.
        Monitor network traffic for any suspicious BGP packets.

Long-Term Security Practices

        Regularly update and patch all software to prevent known vulnerabilities.
        Implement network segmentation to limit the impact of potential attacks.
        Conduct regular security audits and penetration testing to identify and address security weaknesses.

Patching and Updates

        Apply security updates and patches provided by Tcpdump promptly to address the buffer over-read vulnerability.
