{
  "version": "1",
  "package": [
    {
      "name": "libpcap",
      "layer": "meta",
      "version": "1.10.4",
      "products": [
        {
          "product": "libpcap",
          "cvesInRecord": "Yes"
        }
      ],
      "issue": [
        {
          "id": "CVE-2011-1935",
          "summary": "pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.",
          "scorev2": "7.5",
          "scorev3": "9.8",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2011-1935"
        },
        {
          "id": "CVE-2019-15161",
          "summary": "rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.",
          "scorev2": "5.0",
          "scorev3": "5.3",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2019-15161"
        },
        {
          "id": "CVE-2019-15162",
          "summary": "rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.",
          "scorev2": "5.0",
          "scorev3": "5.3",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2019-15162"
        },
        {
          "id": "CVE-2019-15163",
          "summary": "rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.",
          "scorev2": "5.0",
          "scorev3": "7.5",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2019-15163"
        },
        {
          "id": "CVE-2019-15164",
          "summary": "rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.",
          "scorev2": "5.0",
          "scorev3": "5.3",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2019-15164"
        },
        {
          "id": "CVE-2019-15165",
          "summary": "sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.",
          "scorev2": "5.0",
          "scorev3": "5.3",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2019-15165"
        }
      ]
    }
  ]
}