Candidate: CVE-2019-15164
CRD: 2019-09-30
PublicDate: 2019-10-03 19:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15164
 https://www.tcpdump.org/libpcap-changes.txt
 http://www.tcpdump.org/public-cve-list.txt
Description:
 rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be
 provided as a capture source.
Ubuntu-Description: 
Notes: 
 sbeattie> issue is in the libpcap daemon, introduced
   in 1.9.0 and is not included in debian/ubuntu packaging
Mitigation: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N [5.3 MEDIUM]


Patches_libpcap:
 upstream: https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a
upstream_libpcap: released (1.9.1-1)
precise/esm_libpcap: not-affected (code not present)
trusty_libpcap: ignored (out of standard support)
trusty/esm_libpcap: not-affected (code not present)
xenial_libpcap: not-affected (code not present)
esm-infra/xenial_libpcap: not-affected (code not present)
bionic_libpcap: not-affected (code not present)
disco_libpcap: not-affected (code not present)
eoan_libpcap: not-affected (code not built)
devel_libpcap: not-affected (code not built)