{
  "threat_severity" : "Low",
  "public_date" : "2019-10-02T00:00:00Z",
  "bugzilla" : {
    "description" : "tcpdump: Buffer over-read in icmp_print() function in print-icmp.c",
    "id" : "1760455",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1760455"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-125",
  "details" : [ "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", "An out-of-bounds read flaw was discovered in tcpdump while printing ICMP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. System availability is the highest threat from this vulnerability" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4760",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "tcpdump-14:4.9.3-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "tcpdump",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "tcpdump",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "tcpdump",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-14462\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14462" ],
  "name" : "CVE-2018-14462",
  "csaw" : false
}