CVE-2019-15166
Summary
| CVE | CVE-2019-15166 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-03 17:15:00 UTC |
| Updated | 2023-11-07 03:05:00 UTC |
| Description | lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. |
Risk And Classification
Problem Types: CWE-120
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 29 | All | All | All |
| Operating System | Fedoraproject | Fedora | 30 | All | All | All |
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Operating System | Fedoraproject | Fedora | 29 | All | All | All |
| Operating System | Fedoraproject | Fedora | 30 | All | All | All |
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Operating System | Opensuse | Leap | 15.0 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.0 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Application | Tcpdump | Tcpdump | All | All | All | All |
| Application | Tcpdump | Tcpdump | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] openSUSE-SU-2019:2344-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| Debian -- Security Information -- DSA-4547-1 tcpdump | DEBIAN | www.debian.org | Third Party Advisory |
| [SECURITY] Fedora 29 Update: tcpdump-4.9.3-1.fc29 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| (for 4.9.3) LMP: Add some missing bounds checks · the-tcpdump-group/tcpdump@0b661e0 · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| Full Disclosure: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 29 Update: tcpdump-4.9.3-1.fc29 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| USN-4252-1: tcpdump vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| October 2019 Tcpdump Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 31 Update: tcpdump-4.9.3-1.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| tcpdump/CHANGES at tcpdump-4.9 · the-tcpdump-group/tcpdump · GitHub | MISC | github.com | Release Notes, Third Party Advisory |
| USN-4252-2: tcpdump vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support | CONFIRM | support.apple.com | Third Party Advisory |
| [SECURITY] [DLA 1955-1] tcpdump security update | MLIST | lists.debian.org | Third Party Advisory |
| [SECURITY] Fedora 30 Update: tcpdump-4.9.3-1.fc30 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [security-announce] openSUSE-SU-2019:2348-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| [SECURITY] Fedora 30 Update: tcpdump-4.9.3-1.fc30 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 31 Update: tcpdump-4.9.3-1.fc31 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Bugtraq: [SECURITY] [DSA 4547-1] tcpdump security update | BUGTRAQ | seclists.org | Mailing List, Third Party Advisory |
| Bugtraq: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | BUGTRAQ | seclists.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 376142 F5 BIG-IP Local Traffic Manager (LTM), Application Security Manager (ASM), Access Policy Manager (APM) Multiple Vulnerabilities (K44551633)
- 500686 Alpine Linux Security Update for tcpdump
- 504455 Alpine Linux Security Update for tcpdump
- 671116 EulerOS Security Update for tcpdump (EulerOS-SA-2019-2703)
- 940081 AlmaLinux Security Update for tcpdump (ALSA-2020:4760)
- 960865 Rocky Linux Security Update for tcpdump (RLSA-2020:4760)