CVE-2018-14465

7.5 HIGH

📋 TL;DR

CVE-2018-14465 is a buffer over-read vulnerability in the RSVP parser of tcpdump, a network packet analyzer. It allows attackers to cause denial-of-service (DoS) or potentially leak sensitive memory information by sending specially crafted RSVP packets. This affects users running vulnerable versions of tcpdump on systems where it processes untrusted network traffic.

💻 Affected Systems

Products:
  • tcpdump
Versions: Versions before 4.9.3
Operating Systems: Linux, Unix-like systems (e.g., BSD, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when tcpdump parses RSVP packets; default installations that process network traffic are at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Exploitation could lead to remote code execution (RCE) or system crashes, compromising the host running tcpdump.

🟠 Likely Case

Most probable impact is denial-of-service (DoS) through application crashes or memory corruption, disrupting network monitoring.

🟢 If Mitigated

With proper controls like network segmentation and minimal privileges, impact is limited to DoS on the tcpdump process only.

🌐 Internet-Facing: MEDIUM, as tcpdump is often used internally but could be exposed via network monitoring tools; exploitation requires sending malicious packets to the vulnerable system.
🏢 Internal Only: MEDIUM, as internal attackers or malware could exploit it if tcpdump is used on untrusted networks or with malicious traffic.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation involves sending crafted RSVP packets; public proof-of-concept code exists, making attacks feasible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: tcpdump 4.9.3 and later

Vendor Advisory: https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES

Restart Required: No

Instructions:

1. Update tcpdump to version 4.9.3 or later using your package manager.
2. On Debian/Ubuntu, run: sudo apt-get update && sudo apt-get install tcpdump (use yum/dnf on RHEL-based systems).
3. Verify the update with: tcpdump --version.

🔧 Temporary Workarounds

Disable RSVP parsing in tcpdump (Linux)

Use a capture filter so that RSVP packets never reach the RSVP dissector. "rsvp" is not a pcap-filter keyword; RSVP is IP protocol 46, so match on the protocol number:

tcpdump 'not (ip proto 46 or ip6 proto 46)'

Restrict network access (all platforms)

Limit tcpdump usage to trusted networks or interfaces to prevent malicious packet injection, for example by capturing only on a trusted interface:

tcpdump -i eth0

🧯 If You Can't Patch

  • Isolate tcpdump to a segmented network with strict ingress/egress controls to block untrusted RSVP traffic.
  • Run tcpdump with minimal privileges (e.g., non-root user) and monitor for crashes or unusual activity as an early warning.

🔍 How to Verify

Check if Vulnerable:

Run: tcpdump --version 2>&1 | grep -E '^tcpdump version' and check whether the reported version is below 4.9.3 (tcpdump 4.9.x writes this banner to stderr, hence the redirect).

Check Version:

tcpdump --version

Verify Fix Applied:

After patching, confirm version is 4.9.3 or higher with: tcpdump --version.
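The version check above, written out as an added example (not from the advisory or the tcpdump project): it extracts the version from a "tcpdump version X.Y.Z" banner, compares it numerically against 4.9.3, and reports "vulnerable", "fixed" or "unknown". It assumes the banner format shown on this page; the function names are my own.

```shell
#!/bin/sh
# Added example, not taken from the advisory or the tcpdump project.
# Checks a `tcpdump --version` banner against the fixed release 4.9.3.
# Assumptions: the banner's first line reads "tcpdump version X.Y.Z" (a distro
# suffix such as "-3" or "+debian" may follow); only the numeric part is compared.

# Print the dotted version found in a banner, or nothing if none is found.
tcpdump_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^tcpdump version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Numeric comparison of two dotted versions; prints -1, 0 or 1 for a<b, a=b, a>b.
# Missing components count as 0, so "4.9" equals "4.9.0" and "4.10" is above "4.9.3".
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# Classify a banner as "vulnerable (...)", "fixed (...)" or "unknown".
is_vulnerable_banner() {
    v=$(tcpdump_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "unknown"
        return 0
    fi
    case "$(vercmp "$v" 4.9.3)" in
        -1) echo "vulnerable ($v < 4.9.3)" ;;
        *)  echo "fixed ($v >= 4.9.3)" ;;
    esac
}

# Live check (tcpdump 4.9.x writes its banner to stderr, hence 2>&1):
#   is_vulnerable_banner "$(tcpdump --version 2>&1)"
```

Distribution packages may backport the fix under an older version number, so treat a "vulnerable" result as a prompt to consult your distribution's advisory for CVE-2018-14465 rather than as proof.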

📡 Detection & Monitoring

Log Indicators:

  • Look for tcpdump crash logs or core dumps in system logs (e.g., /var/log/syslog).

Network Indicators:

  • Monitor for unusual RSVP packet spikes or malformed RSVP traffic on the network segments that tcpdump captures from.

SIEM Query:

Example: 'process:tcpdump AND event_type:crash' or 'network_traffic:protocol:rsvp AND size:anomalous'
