{
  "threat_severity" : "Moderate",
  "public_date" : "2017-09-13T00:00:00Z",
  "bugzilla" : {
    "description" : "tcpdump: Buffer overflow in util-print.c:bittok2str_internal()",
    "id" : "1490578",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1490578"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-120",
  "details" : [ "Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().", "A vulnerability was found in tcpdump's verbose printing of packet data. A crafted pcap file or specially crafted network traffic could cause tcpdump to write out of bounds in the BSS segment, potentially causing tcpdump to display truncated or incorrectly decoded fields or crash with a segmentation violation. This does not affect tcpdump when used with the -w option to save a pcap file." ],
  "acknowledgement" : "Red Hat would like to thank the Tcpdump project for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-04-10T00:00:00Z",
    "advisory" : "RHEA-2018:0705",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "tcpdump-14:4.9.2-3.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "tcpdump",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "tcpdump",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-13011\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13011" ],
  "name" : "CVE-2017-13011",
  "csaw" : false
}