5.3

CVE-2019-15164

rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TcpdumpLibpcap Version < 1.9.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.87% 0.85
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

http://seclists.org/fulldisclosure/2019/Dec/26
https://seclists.org/bugtraq/2019/Dec/23
https://support.apple.com/kb/HT210788
https://www.oracle.com/security-alerts/cpuapr2020.html
https://support.apple.com/kb/HT210785
https://support.apple.com/kb/HT210789
https://support.apple.com/kb/HT210790
https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES
Product
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
https://www.tcpdump.org/public-cve-list.txt
Vendor Advisory
https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a
Patch
Third Party Advisory