CVE-2019-15165

EPSS 1.19%
Published 03.10.2019 19:15:09
Last modified 21.11.2024 04:28:11
Source cve@mitre.org
Teams watchlist Login
Open Login

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

Affected products Warnungen 0 Metrics 3 CWE 1 References 23

Data is provided by the National Vulnerability Database (NVD)

Tcpdump ≫ Libpcap Version < 1.9.1

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Oracle ≫ Communications Operations Monitor Version3.4

Oracle ≫ Communications Operations Monitor Version4.0

Oracle ≫ Communications Operations Monitor Version4.1

Oracle ≫ Communications Operations Monitor Version4.2

Oracle ≫ Communications Operations Monitor Version4.3

Apple ≫ iPadOS Version13.3

Apple ≫ iPhone OS Version13.3

Apple ≫ macOS X Version >= 10.13 < 10.13.6

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-007

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-002

Apple ≫ macOS X Version10.15.2

Apple ≫ tvOS Version13.3

Apple ≫ watchOS Version6.1.1

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Fedoraproject ≫ Fedora Version29

Fedoraproject ≫ Fedora Version30

Fedoraproject ≫ Fedora Version31

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.19%	0.782

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

http://seclists.org/fulldisclosure/2019/Dec/26

Third Party Advisory

Mailing List

Issue Tracking

https://seclists.org/bugtraq/2019/Dec/23

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT210788

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Third Party Advisory

https://support.apple.com/kb/HT210785

Third Party Advisory

https://support.apple.com/kb/HT210789

Third Party Advisory

https://support.apple.com/kb/HT210790

Third Party Advisory

https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES

Product

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/

https://www.tcpdump.org/public-cve-list.txt

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html

Third Party Advisory

Mailing List

https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab

Patch

Third Party Advisory

https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4221-1/

Third Party Advisory

https://usn.ubuntu.com/4221-2/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-15165

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-15165

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-15165

EUVD