CVE-2019-15163: Null Pointer Dereference
First published: Thu Oct 03 2019(Updated: )
libpcap. Multiple issues were addressed by updating to libpcap version 1.9.1
Credit: CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tcpdump Libpcap | <1.9.1 | |
| Apple tvOS | <13.3 | 13.3 |
| Apple watchOS | <6.1.1 | 6.1.1 |
| Apple iOS | <13.3 | 13.3 |
| Apple iPadOS | <13.3 | 13.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210785 (Advisory)
- https://support.apple.com/en-us/HT210789 (Advisory)
- https://support.apple.com/en-us/HT210790 (Advisory)
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES
- https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
- https://seclists.org/bugtraq/2019/Dec/23
- https://support.apple.com/kb/HT210785
- https://support.apple.com/kb/HT210788
- https://support.apple.com/kb/HT210789
- https://support.apple.com/kb/HT210790
- https://support.f5.com/csp/article/K92862401?utm_source=f5support&utm_medium=RSS
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.tcpdump.org/public-cve-list.txt
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2019-15163.
What is the severity level of CVE-2019-15163?
The severity level of CVE-2019-15163 is high.
What is the description of CVE-2019-15163?
CVE-2019-15163 is a vulnerability in libpcap that allows attackers to cause a denial of service by triggering a NULL pointer dereference and daemon crash when a crypt() call fails.
Which software versions are affected by CVE-2019-15163?
Tcpdump Libpcap versions up to 1.9.1, Apple watchOS up to 6.1.1, Apple tvOS up to 13.3, Apple iOS up to 13.3, and Apple iPadOS up to 13.3 are affected by CVE-2019-15163.
How can I fix CVE-2019-15163?
To fix CVE-2019-15163, update to libpcap version 1.9.1 or apply the necessary security patches provided by Apple for watchOS, tvOS, iOS, and iPadOS.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- alias/CVE-2019-15162
- alias/CVE-2019-15163
- alias/CVE-2019-15164
- alias/CVE-2019-15165
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple watchos
- canonical/apple tvos
- vendor/tcpdump
- canonical/tcpdump libpcap