CVE-2019-15165

Published: 30 September 2019

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
libpcap
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.1-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.8.1-6ubuntu1.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.7.4-2ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.5.3-2ubuntu0.1)
Patches:
Upstream: https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
Upstream: https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab

Notes

AuthorNote
sbeattie
this is likely actually fixed by
617b12c0339db4891d117b661982126c495439ea
see github issue about CVE ID confusion
but whatever, can't get a straight answer out of upstream, so
will use this CVE ID for the issue that touches sf-pcapng.c

References

Bugs