rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.
{ "vanir_signatures": [ { "source": "https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea", "signature_type": "Function", "digest": { "function_hash": "196682538824827770604202866058545943170", "length": 4017.0 }, "id": "CVE-2019-15161-397f5820", "target": { "file": "rpcapd/daemon.c", "function": "daemon_msg_findallif_req" }, "deprecated": false, "signature_version": "v1" }, { "source": "https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "77939256312747897426021864468850046914", "31639149315888361928727419493933373030", "230302035946024568261547428231476124900", "337770322436780444669047104269122231464", "108814901740205276080478249151130962495", "74776204372325553500690040492034190183", "197745948789950147969763295580517814441", "115564426205399301869236696955586650216", "44899186094473439788331895675566550505", "333248649719795680741036517270408847163", "83968890063545290208140539370873203945", "255924912804074091071518284765341886933", "330100098406766952202016283159828515725", "165469642602499849878213198293894508926", "10632567311439597605179350850144820079", "260577463416520206736373669263138004528", "115840443822933993020765046616078771341", "181543324119623997383989035925878345096", "115670294945291092268053261144958436658", "336184969581036824332777365500729035845", "281174766806562442650610605843110252730", "309947102421574928745630622570513450696", "264300053721972123369851750415036675888" ] }, "id": "CVE-2019-15161-8686ca4b", "target": { "file": "rpcapd/daemon.c" }, "deprecated": false, "signature_version": "v1" } ] }