(https://nvd.nist.gov/vuln/detail/CVE-2018-19519): In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.

Gentoo Security Padawan (domhnall)
Hello D'juan, thanks for the report. Unless it is stated that there is an RCE, since it is a read overflow, I'd set the rating to 3. Thanks
Upstream patch: https://github.com/the-tcpdump-group/tcpdump/commit/511915bef7e4de2f31b8d9f581b4a44b0cfbcf53

"If decode_prefix6() returns a negative number, don't print buf. If it returns a negative number, it hasn't necessarily filled in buf, so just return immediately; this is similar to the IPv4 code path, wherein we just return a negative number, and print nothing, on an error. This should fix GitHub issue #763."
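The check described in the commit message, as an added example that is not part of this bug report and is not tcpdump's code: a decoder that can fail without filling its output buffer, and a caller that returns before touching the buffer when it does. The names `toy_decode_prefix6` and `print_prefix_checked`, the one-length-byte input layout, and the hex output format are simplified assumptions.

```c
#include <stdio.h>
#include <stddef.h>
/* Hypothetical, simplified decoder (NOT tcpdump's decode_prefix6): input is
 * one prefix-length byte followed by ceil(plen/8) address bytes. Returns the
 * bytes consumed, or a negative value on error without filling in buf. */
static int toy_decode_prefix6(const unsigned char *p, size_t len,
                              char *buf, size_t buflen)
{
    static const char hex[] = "0123456789abcdef";
    if (len < 1) return -2;                 /* truncated: no length byte */
    unsigned plen = p[0];
    if (plen > 128) return -1;              /* invalid prefix length */
    size_t nbytes = (plen + 7) / 8, off = 0;
    if (len < 1 + nbytes) return -2;        /* truncated address bytes */
    if (buflen < 2 * nbytes + 5) return -3; /* hex digits + "/128" + NUL */
    for (size_t i = 0; i < nbytes; i++) {
        buf[off++] = hex[p[1 + i] >> 4];
        buf[off++] = hex[p[1 + i] & 0x0f];
    }
    snprintf(buf + off, buflen - off, "/%u", plen);
    return (int)(1 + nbytes);
}

/* Caller following the commit message: on a negative return, emit nothing and
 * propagate the error. `out` stands in for the dissector's printed output. */
static int print_prefix_checked(const unsigned char *p, size_t len,
                                char *out, size_t outlen)
{
    char buf[64];                           /* not initialized, like any stack local */
    if (outlen == 0) return -3;
    out[0] = '\0';
    int consumed = toy_decode_prefix6(p, len, buf, sizeof buf);
    if (consumed < 0)
        return consumed;                    /* without this, buf is read uninitialized */
    snprintf(out, outlen, "%s", buf);
    return consumed;
}

int main(void)
{
    const unsigned char ok[] = { 16, 0x20, 0x01 };  /* constructed: valid /16 */
    const unsigned char bad[] = { 200, 0x20 };      /* constructed: length > 128 */
    char out[64];
    int r = print_prefix_checked(ok, sizeof ok, out, sizeof out);
    printf("ok:  ret=%d out=\"%s\"\n", r, out);
    r = print_prefix_checked(bad, sizeof bad, out, sizeof out);
    printf("bad: ret=%d out=\"%s\"\n", r, out);
    return 0;
}
```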
Note that the tree is now clean.