CVE-2019-15161 - OpenCVE

rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tcpdump	Libpcap

Configuration 1 [-]

cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/fulldisclosure/2019/Dec/26
https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES	Product Release Notes
https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
https://seclists.org/bugtraq/2019/Dec/23
https://support.apple.com/kb/HT210785
https://support.apple.com/kb/HT210788
https://support.apple.com/kb/HT210789
https://support.apple.com/kb/HT210790
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.tcpdump.org/public-cve-list.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-03T18:24:25

Updated: 2020-04-15T21:06:51

Reserved: 2019-08-19T00:00:00

Link: CVE-2019-15161

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-03T19:15:09.240

Modified: 2023-11-07T03:05:26.370

Link: CVE-2019-15161

JSON object: View

Redhat Information

No data.

CWE

CWE-131

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T21:06:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tcpdump.org/public-cve-list.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea"}, {"name": "FEDORA-2019-eaa681d33e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"}, {"name": "FEDORA-2019-4fe461079f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"}, {"name": "FEDORA-2019-b92ce3144a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210788"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210790"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210785"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210789"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15161", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.tcpdump.org/public-cve-list.txt", "refsource": "CONFIRM", "url": "https://www.tcpdump.org/public-cve-list.txt"}, {"name": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES", "refsource": "CONFIRM", "url": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"}, {"name": "https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea", "refsource": "CONFIRM", "url": "https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea"}, {"name": "FEDORA-2019-eaa681d33e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"}, {"name": "FEDORA-2019-4fe461079f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"}, {"name": "FEDORA-2019-b92ce3144a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"}, {"name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210788"}, {"name": "https://support.apple.com/kb/HT210790", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210790"}, {"name": "https://support.apple.com/kb/HT210785", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210785"}, {"name": "https://support.apple.com/kb/HT210789", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210789"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15161", "datePublished": "2019-10-03T18:24:25", "dateReserved": "2019-08-19T00:00:00", "dateUpdated": "2020-04-15T21:06:51", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*", "matchCriteriaId": "11619557-69F9-455F-ADAA-86AC753BBC9C", "versionEndExcluding": "1.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request."}, {"lang": "es", "value": "El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, maneja inapropiadamente ciertos valores de longitud debido a la reutilizaci\u00f3n de una variable. Esto puede abrir un vector de ataque involucrando datos adicionales al final de una petici\u00f3n."}], "id": "CVE-2019-15161", "lastModified": "2023-11-07T03:05:26.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-03T19:15:09.240", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "cve@mitre.org", "tags": ["Product", "Release Notes"], "url": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210785"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210788"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210789"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210790"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.tcpdump.org/public-cve-list.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}], "source": "nvd@nist.gov", "type": "Primary"}]}