In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. https://nvd.nist.gov/vuln/detail/CVE-2018-19519