Lucene search

[email protected]CVE-2019-15165

HistoryOct 03, 2019 - 7:15 p.m.

CVE-2019-15165

2019-10-0319:15:09

CWE-770

[email protected]

web.nvd.nist.gov

367

libpcap

1.9.1

sf-pcapng.c

phb header

memory allocation

vulnerability

nvd

cve-2019-15165

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

Affected configurations

NVD

Node

tcpdumplibpcapRange<1.9.1

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

opensuseleapMatch15.0

opensuseleapMatch15.1

Node

oraclecommunications_operations_monitorMatch3.4

oraclecommunications_operations_monitorMatch4.0

oraclecommunications_operations_monitorMatch4.1

oraclecommunications_operations_monitorMatch4.2

oraclecommunications_operations_monitorMatch4.3

Node

appleipadosMatch13.3

appleiphone_osMatch13.3

applemac_os_xRange10.13–10.13.6

applemac_os_xMatch10.13.6security_update_2019-007

applemac_os_xMatch10.14.6security_update_2019-002

applemac_os_xMatch10.15.2

appletvosMatch13.3

applewatchosMatch6.1.1

Node

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

Node

fedoraprojectfedoraMatch29

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

CPENameOperatorVersion
tcpdump:libpcaptcpdump libpcaplt1.9.1

CPE	Name	Operator	Version
tcpdump:libpcap	tcpdump libpcap	lt	1.9.1

References

lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html

lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html

seclists.org/fulldisclosure/2019/Dec/26

github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES

github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab

github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6

lists.debian.org/debian-lts-announce/2019/10/msg00031.html

lists.debian.org/debian-lts-announce/2021/12/msg00014.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/

seclists.org/bugtraq/2019/Dec/23

support.apple.com/kb/HT210785

support.apple.com/kb/HT210788

support.apple.com/kb/HT210789

support.apple.com/kb/HT210790

usn.ubuntu.com/4221-1/

usn.ubuntu.com/4221-2/

www.oracle.com/security-alerts/cpuapr2020.html

www.tcpdump.org/public-cve-list.txt

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2019-15165

debian2 osv4 cloudfoundry1 nessus26 openvas19 redhat9 oraclelinux1 alpinelinux1 veracode1 prion1 ubuntu2 nvd1 debiancve1 cvelist1 almalinux1 ubuntucve1 redhatcve1 suse2 rosalinux1 fedora3 photon6 apple6 mageia1 oracle1