{"id":"CVE-2019-15161","details":"rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.","modified":"2026-03-20T11:28:17.782130Z","published":"2019-10-03T19:15:09.240Z","related":["MGASA-2019-0297","openSUSE-SU-2024:10969-1"],"references":[{"type":"WEB","url":"https://support.apple.com/kb/HT210785"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2019/Dec/26"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"},{"type":"WEB","url":"https://support.apple.com/kb/HT210788"},{"type":"WEB","url":"https://support.apple.com/kb/HT210789"},{"type":"WEB","url":"https://support.apple.com/kb/HT210790"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Dec/23"},{"type":"ADVISORY","url":"https://www.tcpdump.org/public-cve-list.txt"},{"type":"ADVISORY","url":"https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"},{"type":"FIX","url":"https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/the-tcpdump-group/libpcap","events":[{"introduced":"0"},{"fixed":"d396f255cf7b96a09cf91d0e8cc94d23777d6986"},{"fixed":"617b12c0339db4891d117b661982126c495439ea"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.9.1"}]}}],"versions":["libpcap-0.6.1","libpcap-0.7.1","libpcap-0.8-bp","libpcap-1.3-bp","libpcap-1.5.0","libpcap-1.6.0-bp","libpcap-1.7.0-bp","libpcap-1.8.0-bp","libpcap-1.8.1","libpcap-1.9-bp","libpcap-1.9.0","libpcap-1.9.0-rc1","libpcap-1.9.0rc2"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2019-15161-397f5820","target":{"file":"rpcapd/daemon.c","function":"daemon_msg_findallif_req"},"signature_type":"Function","digest":{"length":4017,"function_hash":"196682538824827770604202866058545943170"},"signature_version":"v1","source":"https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea"},{"deprecated":false,"id":"CVE-2019-15161-8686ca4b","target":{"file":"rpcapd/daemon.c"},"signature_type":"Line","digest":{"line_hashes":["77939256312747897426021864468850046914","31639149315888361928727419493933373030","230302035946024568261547428231476124900","337770322436780444669047104269122231464","108814901740205276080478249151130962495","74776204372325553500690040492034190183","197745948789950147969763295580517814441","115564426205399301869236696955586650216","44899186094473439788331895675566550505","333248649719795680741036517270408847163","83968890063545290208140539370873203945","255924912804074091071518284765341886933","330100098406766952202016283159828515725","165469642602499849878213198293894508926","10632567311439597605179350850144820079","260577463416520206736373669263138004528","115840443822933993020765046616078771341","181543324119623997383989035925878345096","115670294945291092268053261144958436658","336184969581036824332777365500729035845","281174766806562442650610605843110252730","309947102421574928745630622570513450696","264300053721972123369851750415036675888"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15161.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}