CVE-2018-14467

7.5 HIGH

📋 TL;DR

This vulnerability is a missing bounds check in tcpdump's BGP parser (print-bgp.c, bgp_capabilities_print(), while decoding the multiprotocol capability in a BGP OPEN message). A crafted BGP packet makes the decoder read past the end of the captured packet data (a buffer over-read). Any vulnerable tcpdump that dissects the packet is affected, whether it is capturing live on a link carrying the crafted traffic or reading it back from a capture file with -r. The outcome is a crash of the capture process (denial of service) or disclosure of adjacent memory contents in the decoded output; the bug does not write memory.

💻 Affected Systems

Products:
  • tcpdump
Versions: All versions before 4.9.3 (the upstream fix; distribution packages that still report an older version may carry a backported fix, so check the package changelog as well)
Operating Systems: All operating systems running vulnerable tcpdump versions
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable code runs only when tcpdump decodes BGP traffic (TCP port 179), and the detailed OPEN-message decoding where the bug sits is done at verbose output levels (-v). The -B option sets the capture buffer size and has nothing to do with BGP.

📦 What is this software?

tcpdump is the standard command-line packet capture and protocol analysis tool built on libpcap. It ships with most Unix-like systems and is routinely run as root on routers, firewalls, network sensors and servers, both to watch live traffic and to decode saved capture files; the BGP decoder is one of its many built-in protocol dissectors.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A buffer over-read reads memory but does not write it, so remote code execution is not a realistic outcome of this bug. The worst realistic case is that an attacker kills a capture that a sensor or incident responder depends on (losing visibility at a moment of the attacker's choosing) and that bytes of adjacent process memory are leaked into the decoded output or into logs that collect it.

🟠

Likely Case

Denial of service (tcpdump crash) or information disclosure (reading beyond buffer boundaries).

🟢

If Mitigated

Minimal impact if tcpdump never decodes BGP traffic or untrusted capture files, or if it has dropped root privileges (-Z user, which several distributions enable by default), so that a crash or leak is confined to an unprivileged process.

🌐 Internet-Facing: MEDIUM - Affects systems where tcpdump decodes BGP traffic that an attacker can inject; on an Internet-facing link any remote host can send a TCP segment to or from port 179 that the capture interface will see, whether or not the monitored host actually runs BGP.
🏢 Internal Only: LOW - Requires crafted port 179 traffic to reach a monitored link, or an untrusted capture file to be opened with a vulnerable tcpdump; most internal uses of tcpdump do neither.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires getting a crafted BGP packet in front of a vulnerable decoder: either sending it across a link that tcpdump is capturing (a TCP segment with source or destination port 179 is enough; no established BGP session is needed), or getting a crafted capture file opened with tcpdump -r. Neither path involves authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.9.3 and later

Vendor Advisory: https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES

Restart Required: No system reboot, but any long-running tcpdump process must be restarted so that it runs the patched binary.

Instructions:

1. Update tcpdump to version 4.9.3 or later using your package manager (or to a distribution build whose changelog lists CVE-2018-14467).
2. For Linux: 'sudo apt update && sudo apt upgrade tcpdump' (Debian/Ubuntu) or 'sudo yum update tcpdump' (RHEL/CentOS).
3. Verify the installed version with 'tcpdump --version 2>&1' (tcpdump 4.9.x prints its version banner on stderr).
4. Restart any tcpdump processes that were running during the upgrade.

🔧 Temporary Workarounds

Exclude BGP from capture

all

Keep BGP traffic away from the dissector with a capture filter (the -B option is the capture buffer size, not a BGP switch). If port 179 traffic must be captured, write the raw packets to a file with -w, which stores them without running the decoder, and decode the file later with a patched tcpdump.

tcpdump -i eth0 'not tcp port 179'

Run tcpdump with reduced privileges

linux

Let tcpdump drop root itself after it has opened the capture interface (-Z); several distributions already default to a dedicated unprivileged user. Starting it as 'sudo -u nobody tcpdump' instead usually fails, because an unprivileged user cannot open the capture interface in the first place.

sudo tcpdump -Z nobody -i eth0 [options]

🧯 If You Can't Patch

  • Restrict who can send traffic across links where a vulnerable tcpdump is capturing, or filter out 'tcp port 179' at capture time
  • Do not open capture files from untrusted sources with a vulnerable version; decode them with a patched tcpdump, ideally in a disposable container or VM
  • Run tcpdump with -Z so that a crash or memory leak stays confined to an unprivileged process
  • Monitor for crashes or abnormal behavior in tcpdump processes

🔍 How to Verify

Check if Vulnerable:

Run 'tcpdump --version 2>&1' and check whether the reported version is earlier than 4.9.3. Because distributions backport security fixes without changing the version number, also look for CVE-2018-14467 in the package changelog (for example 'rpm -q --changelog tcpdump | grep CVE-2018-14467' on RPM systems, or 'zcat /usr/share/doc/tcpdump/changelog.Debian.gz | grep CVE-2018-14467' on Debian/Ubuntu).

Check Version:

tcpdump --version 2>&1 | head -1

Verify Fix Applied:

Confirm that the version is 4.9.3 or later with 'tcpdump --version 2>&1 | head -1' (or that the package changelog lists CVE-2018-14467), and that no tcpdump process started before the upgrade is still running ('pgrep -a tcpdump').
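The check above, scripted, as an added example that is not code from the tcpdump project or from the original page. It parses the version banner, compares it numerically against 4.9.3 (so that 4.10 and 4.99 sort as newer than 4.9), and falls back to the package changelog to catch distribution backports. Assumptions: tcpdump 4.9.x prints "tcpdump version X.Y.Z" on stderr, and the distribution names the CVE in its changelog, as Debian and Red Hat normally do.

```shell
#!/bin/sh
# Added example; not code from the tcpdump project or from the original page.
# Decides whether an installed tcpdump predates the fixed upstream release 4.9.3
# and, because distributions backport fixes without changing the version number,
# also looks for CVE-2018-14467 in the package changelog.
# Assumptions: tcpdump 4.9.x prints "tcpdump version X.Y.Z" on stderr, and the
# distribution names the CVE in its changelog (Debian and Red Hat normally do).

FIXED_VERSION="4.9.3"
CVE_ID="CVE-2018-14467"

# extract_version "tcpdump version 4.9.2" -> "4.9.2"; prints nothing if the
# line is not a tcpdump version banner.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^tcpdump version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# field VERSION N -> numeric N-th dotted component (0 if absent). A non-digit
# suffix such as "3-PRE-GIT" is dropped so the component compares as a number.
field() {
    f=$(printf '%s\n' "$1" | awk -F. -v n="$2" '{ print $n }' | sed 's/[^0-9].*//')
    printf '%s\n' "${f:-0}"
}

# version_lt A B -> exit 0 if A is strictly older than B, comparing the first
# three components numerically (so 4.10.0 is newer than 4.9.3).
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(field "$1" "$i")
        b=$(field "$2" "$i")
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# is_vulnerable_version LINE -> 0 if LINE reports a version older than 4.9.3,
# 1 if it reports 4.9.3 or newer, 2 if LINE is not a tcpdump version banner.
is_vulnerable_version() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED_VERSION"
}

# backport_fixed -> 0 if the installed package's changelog mentions the CVE.
backport_fixed() {
    if [ -r /usr/share/doc/tcpdump/changelog.Debian.gz ]; then
        zcat /usr/share/doc/tcpdump/changelog.Debian.gz | grep -q "$CVE_ID" && return 0
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog tcpdump 2>/dev/null | grep -q "$CVE_ID" && return 0
    fi
    return 1
}

# check_installed: combine both signals for the tcpdump found on PATH.
check_installed() {
    command -v tcpdump >/dev/null 2>&1 || { echo "tcpdump is not installed"; return 0; }
    line=$(tcpdump --version 2>&1 | head -n 1)   # 2>&1: 4.9.x writes the banner to stderr
    if is_vulnerable_version "$line"; then rc=0; else rc=$?; fi
    case "$rc" in
        0) if backport_fixed; then
               echo "$line: older than $FIXED_VERSION, but the package changelog lists $CVE_ID (backported fix)"
           else
               echo "$line: VULNERABLE to $CVE_ID (older than $FIXED_VERSION, no backport found)"
           fi ;;
        2) echo "could not parse a tcpdump version from: $line" ;;
        *) echo "$line: fixed ($FIXED_VERSION or newer)" ;;
    esac
}

check_installed
```

A changelog hit only tells you the package claims to address the CVE; it does not tell you whether the currently running capture processes were started before that package was installed, which is why the 'pgrep -a tcpdump' step above still matters.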

📡 Detection & Monitoring

Log Indicators:

  • kernel "segfault at ..." records for a tcpdump process in dmesg, syslog or the journal
  • tcpdump exiting with status 139 (128 + SIGSEGV), or systemd reporting the capture unit killed with status=11/SEGV
  • unexpected termination of tcpdump processes, visible as a gap in the capture

Network Indicators:

  • TCP segments to or from port 179 carrying malformed BGP OPEN messages, especially ones that are not part of an established BGP session on the monitored link

SIEM Query:

process_name="tcpdump" AND (event_type="crash" OR exit_code="139")
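The same three log indicators applied to raw syslog text, as an added example that is not part of the original page or of the tcpdump project. The sample lines it scans are constructed for the example in traditional syslog format; the systemd unit name "capture.service" is an assumption and can be overridden with TCPDUMP_UNIT.

```shell
#!/bin/sh
# Added example; not code from the original page or the tcpdump project.
# Scans syslog/journal-style text for tcpdump crash indicators and prints one
# tab-separated line per hit: "<timestamp> <kind> <detail>".
# The log lines written by write_sample_log are constructed for this example;
# the systemd unit name "capture.service" is an assumption (override it with
# TCPDUMP_UNIT=<unit> for a real deployment).

# find_tcpdump_crashes FILE -> prints matches; exit 0 if at least one, else 1.
find_tcpdump_crashes() {
    awk -v unit="${TCPDUMP_UNIT:-capture.service}" '
    # 1) kernel fault record for a tcpdump process, as logged to dmesg/syslog
    /kernel: .*tcpdump\[[0-9]+\]: segfault at/ {
        match($0, /tcpdump\[[0-9]+\]/)
        emit("kernel-segfault", substr($0, RSTART, RLENGTH)); next
    }
    # 2) systemd reporting the watched capture unit killed by SIGSEGV
    $0 ~ unit && /Main process exited, code=killed, status=11\/SEGV/ {
        emit("systemd-sigsegv", unit); next
    }
    # 3) a wrapper script or shell logging exit status 139 (128 + SIGSEGV)
    /tcpdump/ && /(exit code|status)[= ]?139/ {
        emit("exit-139", "exit status 139"); next
    }
    function emit(kind, detail) {
        printf "%s %s %s\t%s\t%s\n", $1, $2, $3, kind, detail
        n++
    }
    END { exit (n > 0) ? 0 : 1 }
    ' "$1"
}

# count_tcpdump_crashes FILE -> number of indicator lines found
count_tcpdump_crashes() {
    find_tcpdump_crashes "$1" | wc -l | tr -d ' '
}

# write_sample_log FILE: constructed sample in traditional syslog format
write_sample_log() {
    cat > "$1" <<'EOF'
Mar 12 09:14:01 sensor1 tcpdump[4123]: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
Mar 12 09:14:02 sensor1 kernel: tcpdump[4123]: segfault at 7f3a1c00b000 ip 000055d6f2a31a4c sp 00007ffd3b8c2e10 error 4 in tcpdump[55d6f2a11000+b9000]
Mar 12 09:14:02 sensor1 systemd[1]: capture.service: Main process exited, code=killed, status=11/SEGV
Mar 12 09:14:03 sensor1 cron[777]: (root) CMD (run-parts /etc/cron.hourly)
Mar 12 09:15:10 sensor1 capture.sh[4200]: tcpdump exited with status 139
EOF
}

# Stand-alone use: scan the file given as $1, or the constructed sample.
if [ "$#" -gt 0 ]; then
    find_tcpdump_crashes "$1"
else
    sample=$(mktemp)
    write_sample_log "$sample"
    find_tcpdump_crashes "$sample"
    rm -f "$sample"
fi
```

Against the sample the scan reports three hits (the kernel segfault, the systemd SEGV status and the exit-139 line) and ignores the normal "listening on" and cron lines. Pair a hit with the capture's own timeline: a segfault a few milliseconds after a burst of port 179 traffic that never completed a BGP session is the pattern to escalate.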

🔗 References

  • tcpdump 4.9.3 CHANGES (vendor advisory): https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2018-14467
