CVE-2019-15164
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-15164
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15164.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-15164
- Downstream
- Related
- Published
- 2019-10-03T19:15:09Z
- Modified
- 2025-10-15T10:19:16.233677Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
- References
-
- https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES
- https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a
- https://www.tcpdump.org/public-cve-list.txt
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
- https://seclists.org/bugtraq/2019/Dec/23
- https://support.apple.com/kb/HT210785
- https://support.apple.com/kb/HT210788
- https://support.apple.com/kb/HT210789
- https://support.apple.com/kb/HT210790
- https://www.oracle.com/security-alerts/cpuapr2020.html
Affected packages
Git / github.com/the-tcpdump-group/libpcap
Affected ranges
- Type
- GIT
- Repo
- https://github.com/the-tcpdump-group/libpcap
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
libpcap-0.*
libpcap-0.6.1
libpcap-0.7.1
libpcap-0.8-bp
libpcap-1.*
libpcap-1.3-bp
libpcap-1.5.0
libpcap-1.6.0-bp
libpcap-1.7.0-bp
libpcap-1.8.0-bp
libpcap-1.8.1
libpcap-1.9-bp
libpcap-1.9.0
libpcap-1.9.0-rc1
libpcap-1.9.0rc2
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2019-15164-3d532e63",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"220771326054493557985427279142055717525",
"125109687279265749357457515101614904409",
"256357145648847645196325241727447482236",
"34796557547443638241118995495406417428",
"123042880630557422448249733276881311904",
"169121961992058920376826039424384840240",
"197641415233931238199510149510569630035"
]
},
"source": "https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a",
"target": {
"file": "rpcapd/daemon.c"
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2019-15164-5e349b7a",
"signature_type": "Function",
"digest": {
"function_hash": "167369382710791498383107436899487403158",
"length": 1671.0
},
"source": "https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a",
"target": {
"file": "rpcapd/daemon.c",
"function": "daemon_msg_open_req"
},
"deprecated": false,
"signature_version": "v1"
}
]
}