CVE-2019-15163 - OpenCVE

rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tcpdump	Libpcap

Configuration 1 [-]

cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/fulldisclosure/2019/Dec/26
https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES	Third Party Advisory
https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
https://seclists.org/bugtraq/2019/Dec/23
https://support.apple.com/kb/HT210785
https://support.apple.com/kb/HT210788
https://support.apple.com/kb/HT210789
https://support.apple.com/kb/HT210790
https://support.f5.com/csp/article/K92862401?utm_source=f5support&amp%3Butm_medium=RSS
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.tcpdump.org/public-cve-list.txt	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-03T18:34:30

Updated: 2020-04-15T21:06:52

Reserved: 2019-08-19T00:00:00

Link: CVE-2019-15163

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-03T19:15:09.363

Modified: 2023-11-07T03:05:26.527

Link: CVE-2019-15163

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T21:06:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tcpdump.org/public-cve-list.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31"}, {"name": "FEDORA-2019-eaa681d33e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"}, {"name": "FEDORA-2019-4fe461079f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"}, {"name": "FEDORA-2019-b92ce3144a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K92862401?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210788"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210790"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210785"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210789"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15163", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.tcpdump.org/public-cve-list.txt", "refsource": "CONFIRM", "url": "https://www.tcpdump.org/public-cve-list.txt"}, {"name": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES", "refsource": "CONFIRM", "url": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"}, {"name": "https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31", "refsource": "CONFIRM", "url": "https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31"}, {"name": "FEDORA-2019-eaa681d33e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"}, {"name": "FEDORA-2019-4fe461079f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"}, {"name": "FEDORA-2019-b92ce3144a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"}, {"name": "https://support.f5.com/csp/article/K92862401?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K92862401?utm_source=f5support&utm_medium=RSS"}, {"name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210788"}, {"name": "https://support.apple.com/kb/HT210790", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210790"}, {"name": "https://support.apple.com/kb/HT210785", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210785"}, {"name": "https://support.apple.com/kb/HT210789", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210789"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15163", "datePublished": "2019-10-03T18:34:30", "dateReserved": "2019-08-19T00:00:00", "dateUpdated": "2020-04-15T21:06:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*", "matchCriteriaId": "11619557-69F9-455F-ADAA-86AC753BBC9C", "versionEndExcluding": "1.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails."}, {"lang": "es", "value": "El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, permite a atacantes causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL y bloqueo del demonio) si se presenta un fallo de una llamada de la funci\u00f3n crypt()."}], "id": "CVE-2019-15163", "lastModified": "2023-11-07T03:05:26.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-03T19:15:09.363", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210785"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210788"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210789"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210790"}, {"source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K92862401?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.tcpdump.org/public-cve-list.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}