Your submission was sent successfully! Close

CVE-2019-15165

Published: 30 September 2019

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
libpcap
Launchpad, Ubuntu, Debian
bionic
Released (1.8.1-6ubuntu1.18.04.1)
disco
Released (1.8.1-6ubuntu1.19.04.1)
eoan Not vulnerable
(1.9.1-2)
precise
Released (1.1.1-10ubuntu0.1)
trusty
Released (1.5.3-2ubuntu0.1)
upstream
Released (1.9.1-1)
xenial
Released (1.7.4-2ubuntu0.1)

Notes

AuthorNote
sbeattie
this is likely actually fixed by
617b12c0339db4891d117b661982126c495439ea
see github issue about CVE ID confusion
but whatever, can't get a straight answer out of upstream, so
will use this CVE ID for the issue that touches sf-pcapng.c

References

Bugs