Bug 1760618 (CVE-2019-15165)
Summary: | CVE-2019-15165 libpcap: Resource exhaustion during PHB header length validation | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | luhliari, mruprich, msehnout, msekleta, thozza |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libpcap 1.9.1 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-04 02:22:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1760624, 1792207, 1792208 | ||
Bug Blocks: | 1760627 |
Description
Pedro Sampaio
2019-10-10 23:28:09 UTC
Created libpcap tracking bugs for this issue: Affects: fedora-all [bug 1760624] Statement: A Low Impact has been given to this flaw even though the CVSSv3 is 7.5, because libpcap library is mainly used as part of debugging tools like wireshark or tcpdump, where an impact to the Availability is not considered security relevant in a reasonable scenario. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4547 https://access.redhat.com/errata/RHSA-2020:4547 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-15165 |