Vulnerability Details: CVE-2019-15165
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
Products affected by CVE-2019-15165
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:13.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:13.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:13.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-15165
- EPSS score: 0.32% (probability of exploitation activity in the next 30 days)
- Percentile: ~70% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-15165
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2019-15165
- The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-15165
- https://seclists.org/bugtraq/2019/Dec/23
  Bugtraq: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (Mailing List; Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuapr2020.html
  Oracle Critical Patch Update Advisory - April 2020 (Third Party Advisory)
- https://usn.ubuntu.com/4221-2/
  USN-4221-2: libpcap vulnerability | Ubuntu security notices (Third Party Advisory)
- https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
  do sanity checks on PHB header length before allocating memory. There… · the-tcpdump-group/libpcap@87d6bef · GitHub (Patch; Third Party Advisory)
- http://seclists.org/fulldisclosure/2019/Dec/26
  Full Disclosure: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (Issue Tracking; Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
  [SECURITY] Fedora 30 Update: libpcap-1.9.1-1.fc30 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES
  (Product; Release Notes)
- https://support.apple.com/kb/HT210789
  About the security content of watchOS 6.1.1 - Apple Support (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
  [SECURITY] Fedora 31 Update: libpcap-1.9.1-1.fc31 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html
  [SECURITY] [DLA 1967-1] libpcap security update (Mailing List; Third Party Advisory)
- https://support.apple.com/kb/HT210788
  About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html
  [SECURITY] [DLA 2850-1] libpcap security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/4221-1/
  USN-4221-1: libpcap vulnerability | Ubuntu security notices (Third Party Advisory)
- https://support.apple.com/kb/HT210790
  About the security content of tvOS 13.3 - Apple Support (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
  [SECURITY] Fedora 29 Update: libpcap-1.9.1-1.fc29 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://www.tcpdump.org/public-cve-list.txt
  (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html
  [security-announce] openSUSE-SU-2019:2343-1: important: Security update (Mailing List; Third Party Advisory)
- https://support.apple.com/kb/HT210785
  About the security content of iOS 13.3 and iPadOS 13.3 - Apple Support (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html
  [security-announce] openSUSE-SU-2019:2345-1: important: Security update (Mailing List; Third Party Advisory)
- https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
  Fix some format warnings. · the-tcpdump-group/libpcap@a5a36d9 · GitHub (Patch; Third Party Advisory)