CVE-2018-19519: Medium severity tcpdump tcpdump vulnerability
Published Nov 25, 2018
·Updated
In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because of missing initialization.
Affected Software
2 affected components
tcpdump tcpdump=4.9.2
debian/tcpdump<=4.99.0-2+deb11u1, <=4.99.3-1, <=4.99.5-2, <=4.99.6-2
Event History
Nov 25, 2018
CVE Published
via MITRE·08:00 PM
Data Sourced
via MITRE·08:00 PM
Description
Data Sourced
via NVD·08:29 PM
DescriptionSeverityWeaknessAffected Software
Dec 3, 2018
Data Sourced
via Red Hat·03:55 AM
DescriptionSeverityAffected Software
Dec 5, 2025
Data Sourced
via Ubuntu·06:59 PM
RemedyDescriptionSeverityAffected Software
Feb 19, 2026
Data Sourced
via Launchpad·09:49 PM
Description
Mar 8, 2026
Data Sourced
via Debian·10:03 PM
DescriptionAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2018-19519?
The severity of CVE-2018-19519 is low.
2
How can I fix the CVE-2018-19519 vulnerability?
To fix the CVE-2018-19519 vulnerability, update tcpdump to version 4.9.3 or later.
3
Which versions of tcpdump are affected by CVE-2018-19519?
Tcpdump versions 4.9.2 and earlier are affected by CVE-2018-19519.
4
Where can I find more information about CVE-2018-19519?
You can find more information about CVE-2018-19519 at the following references: [1] [2] [3].
5
What is the affected software for CVE-2018-19519?
The affected software for CVE-2018-19519 is tcpdump 4.9.2.