VDB
CVE-2003-1029
CVE-2003-1029
PUBLISHED
CVSS 5 MEDIUM
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
EPSS 21.39% · 95.8th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
21.39%
95.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| lbl | tcpdump | 3.6.2, 3.4, 3.5 |
| n/a | n/a | n/a |
Timeline
- Jan 15, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 10718 third-party-advisory
- 10668 third-party-advisory
- http://www.debian.org/security/2004/dsa-425 patch
- [tcpdump-workers] 20031224 Seg fault of tcpdump (v 3.8.1 and below) with malformed l2tp packets mailing-list
- 10636 third-party-advisory
- 1008748 vdb
- ESA-20040119-002 vendor-advisory
- MDKSA-2004:008 vendor-advisory
- 20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities. mailing-list
- 10652 third-party-advisory
- 20031221 Re: Remote crash in tcpdump from OpenBSD mailing-list
- 20031220 Remote crash in tcpdump from OpenBSD mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2003-1029 advisory
- http://lwn.net/Alerts/66805 url