CVE-2019-15166

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 03-10-2019 07:15

Last modified: - 13-04-2022 04:48

Total changes: - 3

Description

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

vendor=tcpdump AND product=tcpdump AND versionEndExcluding=4.9.3

vendor=apple AND product=mac_os_x AND versionEndExcluding=10.15.2

vendor=Debian AND product=debian_linux AND version=8.0

vendor=Debian AND product=debian_linux AND version=9.0

vendor=Debian AND product=debian_linux AND version=10.0

vendor=fedoraproject AND product=fedora AND version=29

vendor=fedoraproject AND product=fedora AND version=30

vendor=fedoraproject AND product=fedora AND version=31

vendor=opensuse AND product=leap AND version=15.0

vendor=opensuse AND product=leap AND version=15.1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=8.0

vendor=netapp AND product=cloud_backup AND version=-

vendor=netapp AND product=hci_management_node AND version=-

vendor=netapp AND product=solidfire AND version=-

vendor=canonical AND product=ubuntu_linux AND version=12.04 AND software_edition=-

vendor=canonical AND product=ubuntu_linux AND version=14.04 AND software_edition=esm

vendor=canonical AND product=ubuntu_linux AND version=16.04 AND software_edition=esm

vendor=canonical AND product=ubuntu_linux AND version=18.04 AND software_edition=lts

Reference

https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update-Mailing List, Third Party Advisory
openSUSE-SU-2019:2348-Mailing List, Third Party Advisory
openSUSE-SU-2019:2344-Mailing List, Third Party Advisory
20191021 [SECURITY] [DSA 4547-1] tcpdump security update-Mailing List, Third Party Advisory
DSA-4547-Third Party Advisory
FEDORA-2019-85d92df70f-Mailing List, Third Party Advisory
FEDORA-2019-d06bc63433-Mailing List, Third Party Advisory
FEDORA-2019-6db0d5b9d9-Mailing List, Third Party Advisory
https://support.apple.com/kb/HT210788
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra-Mailing List, Third Party Advisory
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra-Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20200120-0001/
USN-4252-2-Third Party Advisory
USN-4252-1-Third Party Advisory

Keywords

CVE-2019-15166

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-15166

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures