{
  "threat_severity" : "Low",
  "public_date" : "2019-09-20T00:00:00Z",
  "bugzilla" : {
    "description" : "libpcap: Resource exhaustion during PHB header length validation",
    "id" : "1760618",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1760618"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory." ],
  "statement" : "A Low Impact has been given to this flaw even though the CVSSv3 is 7.5, because libpcap library is mainly used as part of debugging tools like wireshark or tcpdump, where an impact to the Availability is not considered security relevant in a reasonable scenario.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4547",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "libpcap-14:1.9.1-4.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "libpcap",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "libpcap",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-15165\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15165" ],
  "name" : "CVE-2019-15165",
  "csaw" : false
}