In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
Gentoo Security Padawan
Thanks for the report. Unless it is stated that there is an RCE, since it is a read overflow, I'd set the rating to 3.
Upstream patch: https://github.com/the-tcpdump-group/tcpdump/commit/511915bef7e4de2f31b8d9f581b4a44b0cfbcf53
"If decode_prefix6() returns a negative number, don't print buf.
If it returns a negative number, it hasn't necessarily filled in buf, so
just return immediately; this is similar to the IPv4 code path, wherein
we just return a negative number, and print nothing, on an error.
This should fix GitHub issue #763."
Note that the tree is now clean.
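
The pattern described in the quoted commit message, as an added example that is not tcpdump's code and not part of this bug thread: a decoder that can fail without filling its output buffer, a caller that prints the buffer regardless, and the same caller with the early return. The names toy_decode_prefix6, print_prefix_before and print_prefix_after, the input layout and the sample bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical decoder: p[0] is the prefix length in bits, followed by the
 * prefix bytes. On error it returns a negative number WITHOUT writing buf. */
int toy_decode_prefix6(const unsigned char *p, size_t len, char *buf, size_t buflen)
{
    if (len < 1 || p[0] > 128)
        return -1;                      /* invalid prefix length */
    size_t nbytes = (p[0] + 7u) / 8u, off = 0;
    if (len < 1 + nbytes)
        return -2;                      /* truncated input */
    for (size_t i = 0; i < nbytes; i++)
        off += (size_t)snprintf(buf + off, buflen - off, "%02x", p[1 + i]);
    snprintf(buf + off, buflen - off, "/%u", (unsigned)p[0]);
    return (int)(1 + nbytes);
}

/* Before: the return value is not checked before buf is printed. */
int print_prefix_before(const unsigned char *p, size_t len, char *out, size_t outlen)
{
    char buf[40];                       /* uninitialized stack storage */
    int n = toy_decode_prefix6(p, len, buf, sizeof buf);
    snprintf(out, outlen, "%s", buf);   /* on error: reads unset stack bytes */
    return n;
}

/* After: a negative return means buf may be unset, so print nothing. */
int print_prefix_after(const unsigned char *p, size_t len, char *out, size_t outlen)
{
    char buf[40];
    int n = toy_decode_prefix6(p, len, buf, sizeof buf);
    if (n < 0)
        return n;
    snprintf(out, outlen, "%s", buf);
    return n;
}

int main(void)
{
    const unsigned char cut[] = {64, 0x20, 0x01}; /* constructed: claims 64 bits, carries 16 */
    char out[64] = "";
    int n = print_prefix_after(cut, sizeof cut, out, sizeof out);
    printf("after, truncated input: %d \"%s\"\n", n, out);
    return 0;
}
```

Building with -fsanitize=address,undefined or running under Valgrind is a practical way to catch the unchecked variant in a regression test, since the stale stack bytes often happen to contain a NUL and the read goes unnoticed otherwise.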