CVE-2020-8037 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Tcpdump	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
tcpdump	tcpdump	4.9.3
debian	debian_linux	9.0
apple	mac_os_x	𝑥 < 10.14.6
apple	mac_os_x	10.15 ≤ 𝑥 < 10.15.7
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6:security_update_2019-001
apple	mac_os_x	10.14.6:security_update_2019-002
apple	mac_os_x	10.14.6:security_update_2020-001
apple	mac_os_x	10.14.6:security_update_2020-002
apple	mac_os_x	10.14.6:security_update_2020-003
apple	mac_os_x	10.14.6:security_update_2020-004
apple	mac_os_x	10.14.6:security_update_2020-005
apple	mac_os_x	10.14.6:security_update_2020-006
apple	mac_os_x	10.14.6:security_update_2020-007
apple	mac_os_x	10.14.6:security_update_2021-001
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7:security_update_2020-001
apple	mac_os_x	10.15.7:security_update_2021-001
apple	mac_os_x	10.15.7:supplemental_update
apple	macos	11.0 ≤ 𝑥 < 11.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tcpdump

bullseye	4.99.0-2+deb11u1 fixed
bookworm	4.99.3-1 fixed
sid	4.99.5-1 fixed
trixie	4.99.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tcpdump

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	ignored
focal	Fixed 4.9.3-4ubuntu0.1 released
bionic	Fixed 4.9.3-0ubuntu0.18.04.2 released
xenial	Fixed 4.9.3-0ubuntu0.16.04.1+esm1 released
trusty	needed

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

http://seclists.org/fulldisclosure/2021/Apr/51

https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231

https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV/

https://support.apple.com/kb/HT212325

https://support.apple.com/kb/HT212326

https://support.apple.com/kb/HT212327

http://seclists.org/fulldisclosure/2021/Apr/51

https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231

https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV/

https://support.apple.com/kb/HT212325

https://support.apple.com/kb/HT212326

https://support.apple.com/kb/HT212327