Libpcap
CVE-2019-15165
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
AnalysisAI
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
Technical ContextAI
This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. Affected products include: Tcpdump Libpcap, Debian Debian Linux, Opensuse Leap, Oracle Communications Operations Monitor, Apple Ipados. Version information: before 1.9.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daem
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. Rated medium seve
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. Rated medium se
Remote packet capture support is disabled by default in libpcap. Rated medium severity (CVSS 4.4), this vulnerability is
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today