CVE-2019-15164

Name

CVE-2019-15164

Description

rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Product	https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES
Patch	https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a
Vendor Advisory	https://www.tcpdump.org/public-cve-list.txt
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
CONFIRM	https://support.apple.com/kb/HT210788
BUGTRAQ	https://seclists.org/bugtraq/2019/Dec/23
FULLDISC	http://seclists.org/fulldisclosure/2019/Dec/26
CONFIRM	https://support.apple.com/kb/HT210790
CONFIRM	https://support.apple.com/kb/HT210789
CONFIRM	https://support.apple.com/kb/HT210785
N/A	https://www.oracle.com/security-alerts/cpuapr2020.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:tcpdump:libpcap::::::::`	libpcap	>= None	< 1.9.1

Source package	Branch	Version	Maintainer	Status
libpcap	edge-main	1.9.1-r0	None	fixed
libpcap	3.22-main	1.9.1-r0	None	fixed
libpcap	3.21-main	1.9.1-r0	None	fixed
libpcap	3.20-main	1.9.1-r0	None	fixed
libpcap	3.19-main	1.9.1-r0	None	fixed
libpcap	3.18-main	1.9.1-r0	None	fixed
libpcap	3.17-main	1.9.1-r0	None	fixed
libpcap	3.12-main	1.9.1-r0	None	fixed
libpcap	3.10-main	1.1.1-r0	None	fixed