Incorrect Calculation of Buffer Size

CVE-2019-15161

Medium

5.3/10

Summary

The "rpcapd/daemon.c" file in libpcap versions prior to 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-131 - Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

References

Disclosure
Advisory

Advisory Timeline

Published Oct 03, 2019

Incorrect Calculation of Buffer Size

CVE-2019-15161

Summary

CWE-131 - Incorrect Calculation of Buffer Size

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS