CVE-2018-14461

7.5 HIGH

📋 TL;DR

tcpdump's LDP parser (print-ldp.c, ldp_tlv_print()) reads past the end of the packet buffer when it decodes a specially crafted LDP packet. Any tcpdump before 4.9.3 that decodes such a packet, whether captured live or read from a pcap file, is affected; the outcome is a crash (denial of service) or disclosure of whatever memory lies beyond the buffer, printed as if it were LDP fields.

💻 Affected Systems

Products:
  • tcpdump
Versions: All versions before 4.9.3
Operating Systems: Linux, Unix-like systems, Any OS running tcpdump
Default Config Vulnerable: ⚠️ Yes
Notes: The bug triggers whenever tcpdump decodes LDP (Label Distribution Protocol) packets, either captured live or read from a capture file with -r. LDP is used for MPLS label distribution, so the traffic is normally seen only on routers and in captures taken on MPLS networks, but a crafted capture file handed to an analyst exercises the same code path.

📦 What is this software?

tcpdump is the standard command-line packet capture and analysis tool on Linux and other Unix-like systems. It captures frames through libpcap and decodes them with a family of per-protocol printers; the LDP printer (print-ldp.c) is one of those, and this bug lives in it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A crash of a tcpdump process that is often running as root, plus disclosure of process memory: the bytes read past the end of the packet buffer are printed as if they were LDP fields, so neighbouring heap data (typically the contents of other packets) can appear in the decode or in output files shared with others. Remote code execution is not a realistic outcome of a CWE-125 out-of-bounds read; nothing is written.

🟠

Likely Case

Application crash (denial of service) or information disclosure through memory content leakage.

🟢

If Mitigated

Limited impact with proper network segmentation and minimal exposure of tcpdump to untrusted traffic.

🌐 Internet-Facing: MEDIUM - tcpdump is often used for network analysis but typically not directly internet-facing; risk exists if processing untrusted packets.
🏢 Internal Only: LOW - tcpdump is usually run interactively by administrators, so an over-read costs a capture session rather than a service. The exceptions are long-running capture or sensor processes, where a crash means lost visibility, and root-owned tcpdump output that is shared with others, where leaked memory contents end up in the decode.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only that a crafted LDP packet reaches a tcpdump instance that is decoding traffic: on a monitored network segment, or inside a capture file the victim reads with -r. No authentication, and no user interaction beyond running tcpdump, is involved. Public proof-of-concept material exists in the disclosure references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: tcpdump 4.9.3 and later

Vendor Advisory: https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES

Restart Required: No reboot, but any tcpdump process started before the update keeps running the old code until it is restarted.

Instructions:

1. Update tcpdump using your distribution's package manager. Many distributions backport the fix into their existing 4.9.x package, so the version string may stay below 4.9.3; confirm from the package changelog or the distribution's security advisory that CVE-2018-14461 is covered.
2. For source installations: download tcpdump 4.9.3 or later from the the-tcpdump-group/tcpdump GitHub repository, build, and install.

🔧 Temporary Workarounds

Exclude LDP from the capture filter

all

Capture with a BPF filter that keeps LDP away from the vulnerable printer. tcpdump hands packets to the LDP parser only when they arrive on TCP or UDP port 646, and "ldp" is not a valid filter keyword, so the filter is:

tcpdump -i eth0 not port 646

A port filter does not match LDP carried inside tunnels or other encapsulations the filter does not look into, and it is no help against a crafted pcap read with -r. Capturing to a file with -w does not run the protocol printers at all, so a capture-only sensor is exposed only when the file is later decoded by a vulnerable tcpdump.

Restrict tcpdump usage

linux

Limit who can run tcpdump and stop it running as root while it decodes packets, so that a crash or leaked memory affects an unprivileged process:

chown root:pcap /usr/sbin/tcpdump
chmod 750 /usr/sbin/tcpdump
setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

The chown/chmod pair restricts execution to members of a dedicated pcap group (create it first), and setcap lets those users capture without sudo. For long captures also pass -Z <user> so tcpdump drops to an unprivileged account after opening the interface; some distribution builds (Debian and Ubuntu) already do this by default.

🧯 If You Can't Patch

  • Restrict network access to systems running tcpdump, especially from untrusted sources
  • Treat capture files from outside the organisation as untrusted input: do not open them with a vulnerable tcpdump, or open them only in an unprivileged, isolated environment
  • Monitor for crashes of tcpdump processes and investigate any anomalies

🔍 How to Verify

Check if Vulnerable:

Run: tcpdump --version 2>&1 | head -n 1 (older releases print the banner on stderr, so the redirect is needed when piping). If the version is earlier than 4.9.3, the upstream code is vulnerable. Distributions such as Debian, Ubuntu and Red Hat often backport security fixes without changing the version string, so also check the package changelog for a reference to CVE-2018-14461 before concluding that a 4.9.2 package is unpatched.

Check Version:

tcpdump --version 2>&1 | head -n 1

Verify Fix Applied:

After updating, run the same command and confirm the version is 4.9.3 or higher, or that the package changelog references CVE-2018-14461. Then restart any capture processes that were started before the update; a running process keeps the old code.
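The checks above, as an added example written for this page (it is not tcpdump project code): a POSIX shell script that parses the first line of `tcpdump --version`, compares it numerically against 4.9.3 (so that 4.10.0 is not mistaken for an old release), and, when the binary is older, looks for a distribution backport by grepping the package changelog for CVE-2018-14461. The banner format "tcpdump version X.Y.Z" and the changelog locations (Debian's changelog.Debian.gz, rpm's --changelog) are assumptions stated in the comments; the live check only runs when the script is invoked with --live, so the functions can be tested without tcpdump installed.

```shell
#!/bin/sh
# Added example, not tcpdump project code: decide whether an installed
# tcpdump predates the 4.9.3 fix for CVE-2018-14461.
# Assumptions: the first line of `tcpdump --version` looks like
# "tcpdump version 4.9.2" (older releases print it on stderr, hence 2>&1),
# and distribution backports mention the CVE id in the package changelog.

FIXED_VERSION="4.9.3"

# Pull the dotted version out of a banner line; prints nothing if the line
# does not have the expected shape.
tcpdump_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^tcpdump version \([0-9][0-9.]*\).*/\1/p'
}

# Numeric, field-by-field comparison of two dotted versions so that 4.10.0
# sorts after 4.9.3 (a plain string compare gets this wrong).
# Prints -1, 0 or 1 for a<b, a=b, a>b; missing fields count as 0.
# A trailing dot is appended so cut always sees a delimiter.
version_cmp() {
    i=1
    while :; do
        fa=$(printf '%s.\n' "$1" | cut -d. -f"$i")
        fb=$(printf '%s.\n' "$2" | cut -d. -f"$i")
        if [ -z "$fa" ] && [ -z "$fb" ]; then printf '%s\n' 0; return; fi
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then printf '%s\n' -1; return; fi
        if [ "$fa" -gt "$fb" ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
}

# Exit 0 when the banner's version is older than FIXED_VERSION,
# 1 when it is at or above it, 2 when the banner cannot be parsed.
banner_is_vulnerable() {
    v=$(tcpdump_version_from_banner "$1")
    [ -n "$v" ] || return 2
    [ "$(version_cmp "$v" "$FIXED_VERSION")" = "-1" ]
}

# Look for a distribution backport: Debian/Ubuntu and RPM-based packages
# record CVE ids in their changelogs even when the upstream version string
# stays at 4.9.2. Exit 0 if this CVE is referenced.
backport_mentioned() {
    if [ -r /usr/share/doc/tcpdump/changelog.Debian.gz ]; then
        zcat /usr/share/doc/tcpdump/changelog.Debian.gz | grep -q 'CVE-2018-14461' && return 0
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog tcpdump 2>/dev/null | grep -q 'CVE-2018-14461' && return 0
    fi
    return 1
}

# Check the installed binary: exit 0 = fixed, 1 = vulnerable, 2 = unparseable.
check_installed_tcpdump() {
    command -v tcpdump >/dev/null 2>&1 || { echo "tcpdump is not installed"; return 0; }
    banner=$(tcpdump --version 2>&1 | head -n 1)
    rc=0
    banner_is_vulnerable "$banner" || rc=$?
    case $rc in
        1) echo "$banner: fixed ($FIXED_VERSION or later)"; return 0 ;;
        2) echo "could not parse version banner: $banner"; return 2 ;;
    esac
    if backport_mentioned; then
        echo "$banner: older than $FIXED_VERSION upstream, but the package changelog references CVE-2018-14461 (backported fix)"
        return 0
    fi
    echo "$banner: VULNERABLE (older than $FIXED_VERSION, no backport reference found)"
    return 1
}

# Only touch the live system when asked to, so the functions above can be
# sourced or tested on a host without tcpdump.
if [ "${1:-}" = "--live" ]; then
    check_installed_tcpdump
fi
```

Run it as `sh check-tcpdump.sh --live`; the exit status (0 fixed, 1 vulnerable, 2 unparseable) makes it usable from configuration-management or fleet-audit tooling. A changelog hit is taken as proof of a backport, which is the convention Debian and Red Hat follow; if your distribution does not record CVE ids in changelogs, replace backport_mentioned with a lookup against its advisory feed.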

📡 Detection & Monitoring

Log Indicators:

  • tcpdump segmentation fault or crash logs
  • unexpected tcpdump process termination

Network Indicators:

  • Unusual LDP packet patterns directed at monitoring interfaces
  • MPLS/LDP traffic to non-routing systems

SIEM Query:

process_name="tcpdump" AND (event_type="crash" OR exit_code="139")

(Pseudo-query; map the field names to your SIEM. Exit code 139 is 128 + 11, the shell's report of a process killed by SIGSEGV. On Linux the kernel's own "tcpdump[pid]: segfault at ... error N" message is the most direct indicator; an error code with the write bit clear, such as 4, is a read fault, which is what an out-of-bounds read like this one produces.)
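The log indicators above, as an added example written for this page (not tcpdump project code): a shell function that classifies syslog or journal lines into tcpdump crash indicators, using the kernel's segfault message and a supervisor's SIGSEGV report. The sample log lines are constructed for the example (hostnames, PIDs and addresses are invented), and the systemd unit name tcpdump@eth0.service and the capture-wrapper program are assumptions.

```shell
#!/bin/sh
# Added example, not tcpdump project code: classify syslog/journal lines
# that indicate a tcpdump crash. The sample lines are constructed.
#
# Two signals are used:
#   * the Linux kernel's "segfault at ... error N" line for the tcpdump
#     binary; bit 1 of N is set for a write fault and clear for a read
#     fault, so "error 4" (user-mode read of an unmapped page) is what an
#     out-of-bounds read such as CVE-2018-14461 produces;
#   * a supervisor reporting that the process died of SIGSEGV: systemd's
#     "status=11/SEGV", or a wrapper logging shell exit status 139 (128+11).

SAMPLE_LOG="Mar 12 10:01:22 sensor01 kernel: tcpdump[4187]: segfault at 7f3c1a2b4000 ip 000055d3e8a1c2f0 sp 00007ffd3c2a5e10 error 4 in tcpdump[55d3e8a00000+9c000]
Mar 12 10:01:22 sensor01 systemd[1]: tcpdump@eth0.service: Main process exited, code=killed, status=11/SEGV
Mar 12 10:05:01 sensor01 CRON[2231]: (root) CMD (run-parts /etc/cron.hourly)
Mar 12 10:07:41 sensor01 sshd[2290]: Accepted publickey for ops from 10.0.0.5 port 51022 ssh2
Mar 12 10:09:03 sensor01 capture-wrapper[2301]: tcpdump exited with status 139"

# Read log lines on stdin; print "<kind><TAB><line>" for each crash
# indicator. Kinds: segfault-read, segfault-write, sigsegv-exit.
classify_tcpdump_crashes() {
    awk '
        /tcpdump\[[0-9]+\]: segfault at/ {
            kind = "segfault"
            if (match($0, /error [0-9]+/)) {
                # "error N": N is the x86 page-fault code; bit 1 = write.
                code = substr($0, RSTART + 6, RLENGTH - 6) + 0
                kind = (int(code / 2) % 2 == 1) ? "segfault-write" : "segfault-read"
            }
            print kind "\t" $0
            next
        }
        /tcpdump/ && (/status=11\/SEGV/ || /exited with status 139/) {
            print "sigsegv-exit\t" $0
            next
        }
    '
}

# Number of crash indicators in the input (0 when there are none).
count_tcpdump_crashes() {
    classify_tcpdump_crashes | awk 'END { print NR }'
}

# Demonstration on the constructed sample; in practice feed it from
# `journalctl -k -o short` or the syslog file on the capture host.
printf '%s\n' "$SAMPLE_LOG" | classify_tcpdump_crashes
```

On the sample this flags three lines and ignores the cron and sshd noise. The read/write split is worth keeping in the alert: a burst of segfault-read events from tcpdump on a host that sees MPLS traffic is consistent with this class of bug, whereas segfault-write would point at something other than an over-read and deserves a closer look.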

🔗 References
