CVE-2019-15164 - OpenCVE

rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tcpdump	Libpcap

Configuration 1 [-]

cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/fulldisclosure/2019/Dec/26
https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES	Product Release Notes
https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
https://seclists.org/bugtraq/2019/Dec/23
https://support.apple.com/kb/HT210785
https://support.apple.com/kb/HT210788
https://support.apple.com/kb/HT210789
https://support.apple.com/kb/HT210790
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.tcpdump.org/public-cve-list.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-03T18:36:12

Updated: 2020-04-15T21:06:52

Reserved: 2019-08-19T00:00:00

Link: CVE-2019-15164

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-03T19:15:09.410

Modified: 2023-11-07T03:05:26.600

Link: CVE-2019-15164

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T21:06:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tcpdump.org/public-cve-list.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a"}, {"name": "FEDORA-2019-eaa681d33e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"}, {"name": "FEDORA-2019-4fe461079f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"}, {"name": "FEDORA-2019-b92ce3144a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210788"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210790"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210785"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210789"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15164", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.tcpdump.org/public-cve-list.txt", "refsource": "CONFIRM", "url": "https://www.tcpdump.org/public-cve-list.txt"}, {"name": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES", "refsource": "CONFIRM", "url": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"}, {"name": "https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a", "refsource": "CONFIRM", "url": "https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a"}, {"name": "FEDORA-2019-eaa681d33e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"}, {"name": "FEDORA-2019-4fe461079f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"}, {"name": "FEDORA-2019-b92ce3144a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"}, {"name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210788"}, {"name": "https://support.apple.com/kb/HT210790", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210790"}, {"name": "https://support.apple.com/kb/HT210785", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210785"}, {"name": "https://support.apple.com/kb/HT210789", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210789"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15164", "datePublished": "2019-10-03T18:36:12", "dateReserved": "2019-08-19T00:00:00", "dateUpdated": "2020-04-15T21:06:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*", "matchCriteriaId": "11619557-69F9-455F-ADAA-86AC753BBC9C", "versionEndExcluding": "1.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source."}, {"lang": "es", "value": "El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, permite un ataque de tipo SSRF porque puede ser proporcionada una URL como una fuente de captura."}], "id": "CVE-2019-15164", "lastModified": "2023-11-07T03:05:26.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-03T19:15:09.410", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "cve@mitre.org", "tags": ["Product", "Release Notes"], "url": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210785"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210788"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210789"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210790"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.tcpdump.org/public-cve-list.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}