CVE-2019-15165

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-15165
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/26 Issue Tracking Mailing List Third Party Advisory
https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES Product Release Notes
https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab Patch Third Party Advisory
https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6 Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
https://seclists.org/bugtraq/2019/Dec/23 Mailing List Third Party Advisory
https://support.apple.com/kb/HT210785 Third Party Advisory
https://support.apple.com/kb/HT210788 Third Party Advisory
https://support.apple.com/kb/HT210789 Third Party Advisory
https://support.apple.com/kb/HT210790 Third Party Advisory
https://usn.ubuntu.com/4221-1/ Third Party Advisory
https://usn.ubuntu.com/4221-2/ Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html Third Party Advisory
https://www.tcpdump.org/public-cve-list.txt Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:apple:ipados:13.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:13.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:13.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:6.1.1:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
History

07 Nov 2023, 03:05

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/', 'name': 'FEDORA-2019-4fe461079f', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/', 'name': 'FEDORA-2019-eaa681d33e', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/', 'name': 'FEDORA-2019-b92ce3144a', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/ -

08 Apr 2022, 13:27

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:apple:iphone_os:13.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:13.3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:13.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:6.1.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Dec/23 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Dec/23 - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210790 - (CONFIRM) https://support.apple.com/kb/HT210790 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210785 - (CONFIRM) https://support.apple.com/kb/HT210785 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/ - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4221-1/ - (UBUNTU) https://usn.ubuntu.com/4221-1/ - Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2019/Dec/26 - (FULLDISC) http://seclists.org/fulldisclosure/2019/Dec/26 - Issue Tracking, Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210789 - (CONFIRM) https://support.apple.com/kb/HT210789 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html - (MLIST) https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT210788 - (CONFIRM) https://support.apple.com/kb/HT210788 - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/ - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4221-2/ - (UBUNTU) https://usn.ubuntu.com/4221-2/ - Third Party Advisory
References (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html - Mailing List, Third Party Advisory
First Time Debian debian Linux
Apple iphone Os
Apple
Oracle
Canonical ubuntu Linux
Apple watchos
Fedoraproject fedora
Apple tvos
Canonical
Oracle communications Operations Monitor
Debian
Opensuse leap
Apple ipados
Apple mac Os X
Opensuse
Fedoraproject

26 Dec 2021, 22:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html -
Information

Published : 2019-10-03 19:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-15165

Mitre link : CVE-2019-15165

CVE.ORG link : CVE-2019-15165

JSON object : View

Products Affected

oracle

  • communications_operations_monitor

debian

  • debian_linux

apple

  • iphone_os
  • tvos
  • ipados
  • mac_os_x
  • watchos

fedoraproject

  • fedora

tcpdump

  • libpcap

opensuse

  • leap

canonical

  • ubuntu_linux
CWE
CWE-770

Allocation of Resources Without Limits or Throttling