CVE-2019-15165

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 03-10-2019 09:15

Last modified: - 08-04-2022 03:27

Total changes: - 3

Description

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

None

Confidentiality

Low

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

5.3

Base score

3.9

1.4

Exploitability score

Impact score

Verification logic

vendor=tcpdump AND product=libpcap AND versionEndExcluding=1.9.1

vendor=Debian AND product=debian_linux AND version=8.0

vendor=Debian AND product=debian_linux AND version=9.0

vendor=opensuse AND product=leap AND version=15.0

vendor=opensuse AND product=leap AND version=15.1

vendor=oracle AND product=communications_operations_monitor AND version=3.4

vendor=oracle AND product=communications_operations_monitor AND version=4.0

vendor=oracle AND product=communications_operations_monitor AND version=4.1

vendor=oracle AND product=communications_operations_monitor AND version=4.2

vendor=oracle AND product=communications_operations_monitor AND version=4.3

vendor=apple AND product=ipados AND version=13.3

vendor=apple AND product=iphone_os AND version=13.3

vendor=apple AND product=mac_os_x AND versionStartIncluding=10.13 AND versionEndExcluding=10.13.6

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2019-007

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2019-002

vendor=apple AND product=mac_os_x AND version=10.15.2

vendor=apple AND product=tvos AND version=13.3

vendor=apple AND product=watchos AND version=6.1.1

vendor=canonical AND product=ubuntu_linux AND version=12.04 AND software_edition=-

vendor=canonical AND product=ubuntu_linux AND version=14.04 AND software_edition=esm

vendor=canonical AND product=ubuntu_linux AND version=16.04 AND software_edition=esm

vendor=canonical AND product=ubuntu_linux AND version=18.04 AND software_edition=lts

vendor=canonical AND product=ubuntu_linux AND version=19.04

vendor=fedoraproject AND product=fedora AND version=29

vendor=fedoraproject AND product=fedora AND version=30

vendor=fedoraproject AND product=fedora AND version=31

Reference

https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES
https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
https://www.tcpdump.org/public-cve-list.txt
https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
openSUSE-SU-2019:2343-Mailing List, Third Party Advisory
openSUSE-SU-2019:2345-Mailing List, Third Party Advisory
[debian-lts-announce] 20191021 [SECURITY] [DLA 1967-1] libpcap security update-Mailing List, Third Party Advisory
FEDORA-2019-4fe461079f-Mailing List, Third Party Advisory
FEDORA-2019-eaa681d33e-Mailing List, Third Party Advisory
FEDORA-2019-b92ce3144a-Mailing List, Third Party Advisory
https://support.apple.com/kb/HT210788
USN-4221-1-Third Party Advisory
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra-Mailing List, Third Party Advisory
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra-Issue Tracking, Mailing List, Third Party Advisory
USN-4221-2-Third Party Advisory
https://support.apple.com/kb/HT210790
https://support.apple.com/kb/HT210785
https://support.apple.com/kb/HT210789
N/A-Third Party Advisory
[debian-lts-announce] 20211226 [SECURITY] [DLA 2850-1] libpcap security update-Mailing List, Third Party Advisory

Keywords

CVE-2019-15165

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-15165

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures