The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
CVE-2018-16228 (Candidate) is related to these bugs: