Resource Exhaustion Affecting libpcap package, versions <14:1.9.1-4.el8
Snyk CVSS
Attack Complexity
Low
Availability
High
Threat Intelligence
EPSS
0.51% (77th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS8-LIBPCAP-2075041
- published 26 Jul 2021
- disclosed 20 Sep 2019
Introduced: 20 Sep 2019
CVE-2019-15165 Open this link in a new tabHow to fix?
Upgrade Centos:8 libpcap to version 14:1.9.1-4.el8 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libpcap package and not the libpcap package as distributed by Centos.
See How to fix? for Centos:8 relevant fixed versions and status.
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
References
- https://seclists.org/bugtraq/2019/Dec/23
- https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES
- https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
- https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
- https://support.apple.com/kb/HT210785
- https://support.apple.com/kb/HT210788
- https://support.apple.com/kb/HT210789
- https://support.apple.com/kb/HT210790
- https://www.tcpdump.org/public-cve-list.txt
- https://access.redhat.com/security/cve/CVE-2019-15165
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://access.redhat.com/errata/RHSA-2020:4547
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html
- https://usn.ubuntu.com/4221-1/
- https://usn.ubuntu.com/4221-2/
- https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/