CVE-2018-14880: High severity macos catalina vulnerability

Q: What is the severity of CVE-2018-14880?

CVE-2018-14880 is classified as a medium severity vulnerability due to a buffer over-read in tcpdump's OSPFv3 parser.

Q: How do I fix CVE-2018-14880?

To mitigate CVE-2018-14880, upgrade tcpdump to version 4.9.3 or later.

Q: Which systems are affected by CVE-2018-14880?

CVE-2018-14880 affects older versions of tcpdump and libpcap across various operating systems, including multiple versions of macOS and Debian.

Q: What are the potential impacts of exploiting CVE-2018-14880?

Exploiting CVE-2018-14880 could lead to information leakage through unintended data exposure.

Q: Is there a known exploit for CVE-2018-14880?

As of now, there are no publicly available exploits specifically targeting CVE-2018-14880.

Published Oct 3, 2019

Updated

Last updated 24 July 2024

Other sources

tcpdump. Multiple issues were addressed by updating to tcpdump version 4.9.3 and libpcap version 1.9.1

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6printlshdr().

— Launchpad

Credit

CVE-2017-16808, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16301, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166, CVE-2019-15167

Affected Software

87 affected componentsFixes available

debian/tcpdump

4.99.0-2+deb11u14.99.3-14.99.5-1

Apple macOS Catalina<10.15.2

10.15.2

Apple Mojave

Apple High Sierra

tcpdump tcpdump<4.9.3

Apple iOS and macOS<10.15.2

Debian Debian Linux=8.0

Debian Debian Linux=9.0

Debian Debian Linux=10.0

Fedoraproject Fedora=29

Fedoraproject Fedora=30

Fedoraproject Fedora=31

openSUSE Leap=15.0

openSUSE Leap=15.1

redhat Enterprise Linux=7.0

redhat Enterprise Linux=8.0

F5 BIG-IQ Centralized Management>=5.2.0<=5.4.0

F5 BIG-IQ Centralized Management>=6.0.0<=6.1.0

F5 BIG-IQ Centralized Management=7.0.0

F5 BIG-IP Access Policy Manager>=11.5.2<=11.6.5

F5 BIG-IP Access Policy Manager>=12.1.0<=12.1.5

F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.3

F5 BIG-IP Access Policy Manager>=14.0.0<=14.1.2

F5 BIG-IP Access Policy Manager>=15.0.0<=15.0.1

F5 BIG-IP Advanced Firewall Manager>=11.5.2<=11.6.5

F5 BIG-IP Advanced Firewall Manager>=12.1.0<=12.1.5

F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.3

F5 BIG-IP Advanced Firewall Manager>=14.0.0<=14.1.2

F5 BIG-IP Advanced Firewall Manager>=15.0.0<=15.0.1

F5 BIG-IP Analytics>=11.5.2<=11.6.5

F5 BIG-IP Analytics>=12.1.0<=12.1.5

F5 BIG-IP Analytics>=13.1.0<=13.1.3

F5 BIG-IP Analytics>=14.0.0<=14.1.2

F5 BIG-IP Analytics>=15.0.0<=15.0.1

F5 Big-ip Application Acceleration Manager>=11.5.2<=11.6.5

F5 Big-ip Application Acceleration Manager>=12.1.0<=12.1.5

F5 Big-ip Application Acceleration Manager>=13.1.0<=13.1.3

F5 Big-ip Application Acceleration Manager>=14.0.0<=14.1.2

F5 Big-ip Application Acceleration Manager>=15.0.0<=15.0.1

F5 BIG-IP Application Security Manager>=11.5.2<=11.6.5

F5 BIG-IP Application Security Manager>=12.1.0<=12.1.5

F5 BIG-IP Application Security Manager>=13.1.0<=13.1.3

F5 BIG-IP Application Security Manager>=14.0.0<=14.1.2

F5 BIG-IP Application Security Manager>=15.0.0<=15.0.1

F5 Big-ip Domain Name System>=11.5.2<=11.6.5

F5 Big-ip Domain Name System>=12.1.0<=12.1.5

F5 Big-ip Domain Name System>=13.1.0<=13.1.3

F5 Big-ip Domain Name System>=14.0.0<=14.1.2

F5 Big-ip Domain Name System>=15.0.0<=15.0.1

F5 BIG-IP Edge Gateway>=11.5.2<=11.6.5

F5 BIG-IP Edge Gateway>=12.1.0<=12.1.5

F5 BIG-IP Edge Gateway>=13.1.0<=13.1.3

F5 BIG-IP Edge Gateway>=14.0.0<=14.1.2

F5 BIG-IP Edge Gateway>=15.0.0<=15.0.1

F5 Big-ip Fraud Protection Service>=11.5.2<=11.6.5

F5 Big-ip Fraud Protection Service>=12.1.0<=12.1.5

F5 Big-ip Fraud Protection Service>=13.1.0<=13.1.3

F5 Big-ip Fraud Protection Service>=14.0.0<=14.1.2

F5 Big-ip Fraud Protection Service>=15.0.0<=15.0.1

F5 Big-ip Global Traffic Manager>=11.5.2<=11.6.5

F5 Big-ip Global Traffic Manager>=12.1.0<=12.1.5

F5 Big-ip Global Traffic Manager>=13.1.0<=13.1.3

F5 Big-ip Global Traffic Manager>=14.0.0<=14.1.2

F5 Big-ip Global Traffic Manager>=15.0.0<=15.0.1

F5 Big-ip Link Controller>=11.5.2<=11.6.5

F5 Big-ip Link Controller>=12.1.0<=12.1.5

F5 Big-ip Link Controller>=13.1.0<=13.1.3

F5 Big-ip Link Controller>=14.0.0<=14.1.2

F5 Big-ip Link Controller>=15.0.0<=15.0.1

F5 Big-ip Local Traffic Manager>=11.5.2<=11.6.5

F5 Big-ip Local Traffic Manager>=12.1.0<=12.1.5

F5 Big-ip Local Traffic Manager>=13.1.0<=13.1.3

F5 Big-ip Local Traffic Manager>=14.0.0<=14.1.2

F5 Big-ip Local Traffic Manager>=15.0.0<=15.0.1

F5 Big-ip Policy Enforcement Manager>=11.5.2<=11.6.5

F5 Big-ip Policy Enforcement Manager>=12.1.0<=12.1.5

F5 Big-ip Policy Enforcement Manager>=13.1.0<=13.1.3

F5 Big-ip Policy Enforcement Manager>=14.0.0<=14.1.2

F5 Big-ip Policy Enforcement Manager>=15.0.0<=15.0.1

F5 Big-ip Webaccelerator>=11.5.2<=11.6.5

F5 Big-ip Webaccelerator>=12.1.0<=12.1.5

F5 Big-ip Webaccelerator>=13.1.0<=13.1.3

F5 Big-ip Webaccelerator>=14.0.0<=14.1.2

F5 Big-ip Webaccelerator>=15.0.0<=15.0.1

F5 Enterprise Manager=3.1.1

F5 iWorkflow=2.3.0

F5 Traffix Signaling Delivery Controller>=5.0.0<=5.1.0

Remediation

Patch Available

https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6

Event History

Oct 3, 2019

CVE Published

via MITRE·03:35 PM

Data Sourced

via MITRE·03:35 PM

Description

Jan 11, 2024

Data Sourced

via Launchpad·10:52 PM

Description

Sep 16, 2024

Data Sourced

via Ubuntu·01:58 AM

RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

HT210788

Frequently Asked Questions

What is the severity of CVE-2018-14880?

CVE-2018-14880 is classified as a medium severity vulnerability due to a buffer over-read in tcpdump's OSPFv3 parser.

How do I fix CVE-2018-14880?

To mitigate CVE-2018-14880, upgrade tcpdump to version 4.9.3 or later.

Which systems are affected by CVE-2018-14880?

CVE-2018-14880 affects older versions of tcpdump and libpcap across various operating systems, including multiple versions of macOS and Debian.

What are the potential impacts of exploiting CVE-2018-14880?

Exploiting CVE-2018-14880 could lead to information leakage through unintended data exposure.

Is there a known exploit for CVE-2018-14880?

As of now, there are no publicly available exploits specifically targeting CVE-2018-14880.

CVE-2018-14880: High severity macos catalina vulnerability

Other sources

Credit

Affected Software

Remediation

Patch Available

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2018-14880?

How do I fix CVE-2018-14880?

Which systems are affected by CVE-2018-14880?

What are the potential impacts of exploiting CVE-2018-14880?

Is there a known exploit for CVE-2018-14880?

Company

Resources

Contact