Lucene search

GoogleOSV:CVE-2019-6472

HistoryOct 16, 2019 - 6:15 p.m.

CVE-2019-6472

2019-10-1618:15:37

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

26.8%

JSON

A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

CPENameOperatorVersion
keaeq1.5.0-r2
keaeq1.5.0-r1
keaeq1.4.0-r1
keaeq1.4.0-r0
keaeq1.3.0-r0
keaeq1.5.0-r3
keaeq1.5.0-r0
keaeq1.4.0-r2

Name	Operator	Version
kea	eq	1.5.0-r2
kea	eq	1.5.0-r1
kea	eq	1.4.0-r1
kea	eq	1.4.0-r0
kea	eq	1.3.0-r0
kea	eq	1.5.0-r3
kea	eq	1.5.0-r0
kea	eq	1.4.0-r2

References

kb.isc.org/docs/cve-2019-6472

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

26.8%

JSON

Related for OSV:CVE-2019-6472