CVE-2019-15603

Current Description

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

Basic Data

Published: October 03, 2019
Last Modified: October 21, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Tcpdump | Libpcap | * | * | * | * | * | * | * | * | | | | 1.9.1

Vulnerable Software List

Vendor | Product | Versions
Tcpdump | Libpcap | *

References

Name | URL | Source | Tags
openSUSE-SU-2019:2345 | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html | SUSE |
openSUSE-SU-2019:2343 | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html | SUSE |
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | http://seclists.org/fulldisclosure/2019/Dec/26 | FULLDISC |
https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES | https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES | CONFIRM | CVE-2005-0856 CVE-2006-3643
https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab | https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab | CONFIRM | Patch Third Party Advisory
https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6 | https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6 | CONFIRM | Patch Third Party Advisory
[debian-lts-announce] 20191021 [SECURITY] [DLA 1967-1] libpcap security update | https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html | MLIST |
FEDORA-2019-eaa681d33e | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3 | FEDORA |
FEDORA-2019-b92ce3144a | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEK | FEDORA |
FEDORA-2019-4fe461079f | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIP | FEDORA |
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | https://seclists.org/bugtraq/2019/Dec/23 | BUGTRAQ |
https://support.apple.com/kb/HT210785 | https://support.apple.com/kb/HT210785 | CONFIRM |
https://support.apple.com/kb/HT210788 | https://support.apple.com/kb/HT210788 | CONFIRM |
https://support.apple.com/kb/HT210789 | https://support.apple.com/kb/HT210789 | CONFIRM |
https://support.apple.com/kb/HT210790 | https://support.apple.com/kb/HT210790 | CONFIRM |
USN-4221-1 | https://usn.ubuntu.com/4221-1/ | UBUNTU |
USN-4221-2 | https://usn.ubuntu.com/4221-2/ | UBUNTU |
N/A | https://www.oracle.com/security-alerts/cpuapr2020.html | N/A |
https://www.tcpdump.org/public-cve-list.txt | https://www.tcpdump.org/public-cve-list.txt | CONFIRM | Vendor Advisory