{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1801","assignerOrgId":"cfdbb673-b408-4d03-89c1-c3d73ed80896","state":"PUBLISHED","assignerShortName":"Tcpdump","dateReserved":"2023-04-02T11:09:43.663Z","datePublished":"2023-04-07T20:40:55.540Z","dateUpdated":"2025-02-13T16:39:31.168Z"},"containers":{"cna":{"providerMetadata":{"orgId":"cfdbb673-b408-4d03-89c1-c3d73ed80896","shortName":"Tcpdump","dateUpdated":"2023-12-23T07:06:13.184Z"},"descriptions":[{"lang":"en","value":"The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet."}],"affected":[{"vendor":"The Tcpdump Group","product":"tcpdump","programRoutines":[{"name":"smb_fdata1()"}],"versions":[{"version":"4.99.3","status":"affected"}],"defaultStatus":"unaffected"}],"references":[{"url":"https://github.com/the-tcpdump-group/tcpdump/commit/7578e1c04ee280dda50c4c2813e7d55f539c6501","tags":["patch"]},{"url":"https://github.com/the-tcpdump-group/tcpdump/commit/03c037bbd75588beba3ee09f26d17783d21e30bc","tags":["patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOA2BJFERAC3VRQIRHJOWN4HZY4ZA7CH/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYL5DEVHRJYF2CM5LTCZKEYFYDZAIZSN/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLLZCG23MU6O4QOG2CX3DLEL3YXP6LAI/"},{"url":"https://support.apple.com/kb/HT213844"},{"url":"https://support.apple.com/kb/HT213845"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"out-of-bounds write","type":"CWE","cweId":"CWE-787"}]}],"configurations":[{"lang":"en","value":"This vulnerability applies only to tcpdump binaries that were compiled with the SMB printer explicitly enabled. The SMB printer compilation is disabled by default."}],"workarounds":[{"lang":"en","value":"Do not enable the SMB printer when building tcpdump 4.99.3."}],"solutions":[{"lang":"en","value":"If using tcpdump 4.99.3, upgrade to 4.99.4."}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:05:25.518Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/the-tcpdump-group/tcpdump/commit/7578e1c04ee280dda50c4c2813e7d55f539c6501","tags":["patch","x_transferred"]},{"url":"https://github.com/the-tcpdump-group/tcpdump/commit/03c037bbd75588beba3ee09f26d17783d21e30bc","tags":["patch","x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOA2BJFERAC3VRQIRHJOWN4HZY4ZA7CH/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYL5DEVHRJYF2CM5LTCZKEYFYDZAIZSN/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLLZCG23MU6O4QOG2CX3DLEL3YXP6LAI/","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT213844","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT213845","tags":["x_transferred"]}]}]}}