Browse all 10 CVE security advisories affecting The TCPdump Group. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The Tcpdump Group develops tcpdump, a widely used network traffic analysis tool for packet sniffing and debugging. Historically, its vulnerabilities have frequently included buffer overflows leading to remote code execution, integer overflows, and denial-of-service conditions. Privilege escalation vulnerabilities have also been identified in certain implementations. While no major public security incidents have been widely documented, the tool's extensive deployment in critical infrastructure makes its security posture significant. The project maintains a moderate vulnerability count with 10 CVEs on record, primarily focusing on memory safety issues and input validation flaws in packet parsing, reflecting the challenges of handling untrusted network data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-11964 | OOBW in utf_16le_to_utf_8_truncated() in libpcap — libpcapCWE-787 | 1.9 | Low | 2025-12-31 |
| CVE-2025-11961 | OOBR and OOBW in pcap_ether_aton() in libpcap — libpcapCWE-126 | 1.9 | Low | 2025-12-31 |
| CVE-2024-8006 | NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support — libpcapCWE-476 | 4.4 | Medium | 2024-08-30 |
| CVE-2023-7256 | Double-free in libpcap before 1.10.5 with remote packet capture support. — libpcapCWE-415 | 4.4 | Medium | 2024-08-30 |
| CVE-2024-2397 | infinite loop in the PPP printer of tcpdump — tcpdumpCWE-835 | 6.2 | Medium | 2024-04-12 |
| CVE-2023-1801 | tcpdump 缓冲区错误漏洞 — tcpdumpCWE-787 | 8.1 | - | 2023-04-07 |
| CVE-2021-41043 | tcpslice 资源管理错误漏洞 — tcpsliceCWE-416 | 8.1 | - | 2022-01-05 |
| CVE-2020-8036 | str2tokbuf used incorrectly by print-someip.c — tcpdump | 9.1 | - | 2020-11-04 |
| CVE-2020-8037 | ppp decapsulator can be convinced to allocate a large amount of memory — tcpdump | 6.2 | - | 2020-11-04 |
| CVE-2018-16301 | 编码撤回 — tcpdumpCWE-190 | 7.0 | - | 2019-10-03 |
This page lists every published CVE security advisory associated with The TCPdump Group. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.