CVE-2019-15165

Name: CVE-2019-15165
Creator: NVD / NIST
Published: 2019-10-03T19:15:09.473+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 2.83%

Last modified Jun 17, 2026

CVE-2019-15165 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.. EPSS estimates a 2.83% chance of exploitation in the next 30 days.

Description

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Probability

2.83%

84.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Tcpdump	Libpcap	< 1.9.1	—
Debian	Debian Linux	8.0	—
Debian	Debian Linux	9.0	—
Opensuse	Leap	15.0	—
Opensuse	Leap	15.1	—
Oracle	Communications Operations Monitor	3.4	—
Oracle	Communications Operations Monitor	4.0	—
Oracle	Communications Operations Monitor	4.1	—
Oracle	Communications Operations Monitor	4.2	—
Oracle	Communications Operations Monitor	4.3	—
Apple	Ipados	13.3	—
Apple	Iphone Os	13.3	—
Apple	Mac Os X	>= 10.13, < 10.13.6	—
Apple	Mac Os X	10.13.6	Security Update 2019-007
Apple	Mac Os X	10.14.6	Security Update 2019-002
Apple	Mac Os X	10.15.2	—
Apple	Tvos	13.3	—
Apple	Watchos	6.1.1	—
Canonical	Ubuntu Linux	12.04	—
Canonical	Ubuntu Linux	14.04	—
Canonical	Ubuntu Linux	16.04	—
Canonical	Ubuntu Linux	18.04	—
Canonical	Ubuntu Linux	19.04	—
Fedoraproject	Fedora	29	—
Fedoraproject	Fedora	30	—
Fedoraproject	Fedora	31	—

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.htmlMailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/26Issue Tracking, Mailing List, Third Party Advisory
https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGESProduct, Release Notes
https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20abPatch, Third Party Advisory
https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00031.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00014.htmlMailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
https://seclists.org/bugtraq/2019/Dec/23Mailing List, Third Party Advisory
https://support.apple.com/kb/HT210785Third Party Advisory
https://support.apple.com/kb/HT210788Third Party Advisory
https://support.apple.com/kb/HT210789Third Party Advisory
https://support.apple.com/kb/HT210790Third Party Advisory
https://usn.ubuntu.com/4221-1/Third Party Advisory
https://usn.ubuntu.com/4221-2/Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
https://www.tcpdump.org/public-cve-list.txtVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.htmlMailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/26Issue Tracking, Mailing List, Third Party Advisory
https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGESProduct, Release Notes
https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20abPatch, Third Party Advisory
https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00031.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00014.htmlMailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
https://seclists.org/bugtraq/2019/Dec/23Mailing List, Third Party Advisory
https://support.apple.com/kb/HT210785Third Party Advisory
https://support.apple.com/kb/HT210788Third Party Advisory
https://support.apple.com/kb/HT210789Third Party Advisory
https://support.apple.com/kb/HT210790Third Party Advisory
https://usn.ubuntu.com/4221-1/Third Party Advisory
https://usn.ubuntu.com/4221-2/Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
https://www.tcpdump.org/public-cve-list.txtVendor Advisory

Timeline

Published: Oct 3, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-15165?

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

How severe is CVE-2019-15165?

CVE-2019-15165 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 2.83% probability of exploitation in the next 30 days.

How do I fix CVE-2019-15165?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-15165?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST