VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-dc8k-b331-ffee

Essentials
Severities (19)
References (105)
Severity details (18)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-dc8k-b331-ffee
Aliases	CVE-2017-13038
Summary	tcpdump: Buffer over-read in print-ppp.c:handle_mlppp() in PPP parser
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-125

Out-of-bounds Read

System	Score	Found at
cvssv3.1	9.8	https://access.redhat.com/errata/RHEA-2018:0705
ssvc	Track	https://access.redhat.com/errata/RHEA-2018:0705
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13038.json
epss	0.01775	https://api.first.org/data/v1/epss?cve=CVE-2017-13038
cvssv2	5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	9.8	https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629
ssvc	Track	https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629
archlinux	Critical	https://security.archlinux.org/AVG-361
cvssv3.1	9.8	https://security.gentoo.org/glsa/201709-23
ssvc	Track	https://security.gentoo.org/glsa/201709-23
cvssv3.1	9.8	https://support.apple.com/HT208221
ssvc	Track	https://support.apple.com/HT208221
cvssv3.1	9.8	http://www.debian.org/security/2017/dsa-3971
ssvc	Track	http://www.debian.org/security/2017/dsa-3971
cvssv3.1	9.8	http://www.securitytracker.com/id/1039307
ssvc	Track	http://www.securitytracker.com/id/1039307
cvssv3.1	9.8	http://www.tcpdump.org/tcpdump-changes.txt
ssvc	Track	http://www.tcpdump.org/tcpdump-changes.txt

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13038.json
		https://api.first.org/data/v1/epss?cve=CVE-2017-13038
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11108
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12893
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12894
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12895
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12896
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12897
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12898
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12899
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12900
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12901
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12902
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12985
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12986
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12987
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12988
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12989
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12990
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12991
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12992
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12994
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12995
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12996
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12997
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12998
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12999
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13000
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13001
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13002
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13003
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13004
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13005
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13006
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13007
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13008
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13009
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13010
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13011
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13012
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13013
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13014
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13015
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13016
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13017
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13018
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13019
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13020
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13021
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13022
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13023
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13024
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13025
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13026
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13027
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13028
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13029
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13030
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13031
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13032
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13033
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13034
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13035
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13036
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13037
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13038
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13039
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13040
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13041
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13042
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13043
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13044
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13045
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13046
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13047
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13048
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13049
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13050
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13051
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13052
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13053
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13054
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13055
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13687
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13688
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13689
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13690
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13725
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1039307		http://www.securitytracker.com/id/1039307
1490605		https://bugzilla.redhat.com/show_bug.cgi?id=1490605
7335163a6ef82d46ff18f3e6099a157747241629		https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629
ASA-201709-5		https://security.archlinux.org/ASA-201709-5
AVG-361		https://security.archlinux.org/AVG-361
dsa-3971		http://www.debian.org/security/2017/dsa-3971
GLSA-201709-23		https://security.gentoo.org/glsa/201709-23
HT208221		https://support.apple.com/HT208221
RHEA-2018:0705		https://access.redhat.com/errata/RHEA-2018:0705
tcpdump-changes.txt		http://www.tcpdump.org/tcpdump-changes.txt
USN-3415-1		https://usn.ubuntu.com/3415-1/
USN-3415-2		https://usn.ubuntu.com/3415-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHEA-2018:0705

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T14:56:24Z/ Found at https://access.redhat.com/errata/RHEA-2018:0705

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13038.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T14:56:24Z/ Found at https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201709-23

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T14:56:24Z/ Found at https://security.gentoo.org/glsa/201709-23

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT208221

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T14:56:24Z/ Found at https://support.apple.com/HT208221

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2017/dsa-3971

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T14:56:24Z/ Found at http://www.debian.org/security/2017/dsa-3971

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1039307

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T14:56:24Z/ Found at http://www.securitytracker.com/id/1039307

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.tcpdump.org/tcpdump-changes.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T14:56:24Z/ Found at http://www.tcpdump.org/tcpdump-changes.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.82985
EPSS Score	0.01775
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T09:45:34.825372+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13038.json	38.6.0