Candidate: CVE-2019-15161
CRD: 2019-09-30
PublicDate: 2019-10-03 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15161
 https://www.tcpdump.org/libpcap-changes.txt
 http://www.tcpdump.org/public-cve-list.txt
Description:
 rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values
 because of reuse of a variable. This may open up an attack vector involving
 extra data at the end of a request.
Ubuntu-Description:
Notes:
 sbeattie> this is likely actually fixed by
  449d95265252b291711899fd288836414791930d, and thus only affects
  windows platforms.
 sbeattie> even if accurate, it's against the libpcap daemon, introduced
  in 1.9.0 and is not included in debian/ubuntu packaging
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N [5.3 MEDIUM]

Patches_libpcap:
 upstream: https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea
upstream_libpcap: released (1.9.1-1)
precise/esm_libpcap: not-affected (code not present)
trusty_libpcap: ignored (out of standard support)
trusty/esm_libpcap: not-affected (code not present)
xenial_libpcap: not-affected (code not present)
esm-infra/xenial_libpcap: not-affected (code not present)
bionic_libpcap: not-affected (code not present)
disco_libpcap: not-affected (code not present)
eoan_libpcap: not-affected (code not built)
devel_libpcap: not-affected (code not built)