CVE-2019-15165

Опубликовано: 20 сент. 2019

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

Отчет

A Low Impact has been given to this flaw even though the CVSSv3 is 7.5, because libpcap library is mainly used as part of debugging tools like wireshark or tcpdump, where an impact to the Availability is not considered security relevant in a reasonable scenario.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libpcap	Out of support scope
Red Hat Enterprise Linux 7	libpcap	Fix deferred
Red Hat Enterprise Linux 8	libpcap	Fixed	RHSA-2020:4547	04.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1760618libpcap: Resource exhaustion during PHB header length validation

EPSS

Процентиль: 78%

0.01191

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-15165

CVSS3: 5.3

ubuntu

больше 6 лет назад

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

CVE-2019-15165

CVSS3: 5.3

nvd

больше 6 лет назад

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

CVE-2019-15165

CVSS3: 5.3

debian

больше 6 лет назад

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...

GHSA-4jh3-696v-qm6r

CVSS3: 5.3

github

больше 3 лет назад

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

ELSA-2020-4547

oracle-oval

около 5 лет назад

ELSA-2020-4547: libpcap security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 78%

0.01191

Низкий

7.5 High

CVSS3