CVE-2019-6470
Vulnerability from cvelistv5
Published
2019-11-01 22:15
Modified
2024-09-17 01:25
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries
References
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2019:2060Third Party Advisory
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2019:3525Third Party Advisory
security-officer@isc.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122Exploit, Mailing List, Third Party Advisory
security-officer@isc.orghttps://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.htmlMailing List, Third Party Advisory
security-officer@isc.orghttps://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.htmlMailing List, Third Party Advisory
Impacted products
Multiple, non-ISCdhcpd
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2060"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122"
          },
          {
            "name": "RHSA-2019:3525",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3525"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dhcpd",
          "vendor": "Multiple, non-ISC",
          "versions": [
            {
              "status": "affected",
              "version": "builds not wholly from ISC source \u003c 4.4.1"
            }
          ]
        }
      ],
      "datePublic": "2019-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A use-after-free error in DHCPv6 processing when interfacing with newer BIND libraries leads to frequent crashes",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-06T00:08:09",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2060"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122"
        },
        {
          "name": "RHSA-2019:3525",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3525"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries",
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2019-05-11T12:00:00.000Z",
          "ID": "CVE-2019-6470",
          "STATE": "PUBLIC",
          "TITLE": "dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dhcpd",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "builds not wholly from ISC source",
                            "version_value": "\u003c 4.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Multiple, non-ISC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A use-after-free error in DHCPv6 processing when interfacing with newer BIND libraries leads to frequent crashes"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://access.redhat.com/errata/RHSA-2019:2060",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/errata/RHSA-2019:2060"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html",
              "refsource": "CONFIRM",
              "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html",
              "refsource": "CONFIRM",
              "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122"
            },
            {
              "name": "RHSA-2019:3525",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3525"
            }
          ]
        },
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2019-6470",
    "datePublished": "2019-11-01T22:15:33.599863Z",
    "dateReserved": "2019-01-16T00:00:00",
    "dateUpdated": "2024-09-17T01:25:37.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6470\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2019-11-01T23:15:10.510\",\"lastModified\":\"2019-11-06T21:52:25.647\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.\"},{\"lang\":\"es\",\"value\":\"Se hab\u00eda presentado en una de las bibliotecas ISC BIND un error en una funci\u00f3n que fue usada por dhcpd cuando operaba en modo DHCPv6. Tambi\u00e9n hubo un error en dhcpd relacionado con el uso de esta funci\u00f3n seg\u00fan su documentaci\u00f3n, pero el error en la funci\u00f3n library impide que esto causara alg\u00fan da\u00f1o. Todas las versiones de dhcpd de ISC contienen copias de esta y otras bibliotecas BIND en combinaciones que han sido probadas antes de su lanzamiento y se sabe que no presentan problemas como este. Algunos empaquetadores de terceros del software ISC de terceros han modificado la fuente dhcpd, la fuente BIND o la comparaci\u00f3n de versiones de manera que crean el potencial bloqueo. Seg\u00fan los reportes disponibles para ISC, la probabilidad de bloqueo es grande y no ha sido realizado ning\u00fan an\u00e1lisis sobre c\u00f3mo, o inclusive si, la probabilidad puede ser manipulada por parte un atacante. Afecta: Compilaciones de versiones de dhcpd anteriores a la versi\u00f3n 4.4.1 cuando se usan las versiones BIND 9.11.2 o posteriores, o versiones BIND con correcciones de bugs espec\u00edficas que respaldaron. ISC no tiene acceso a listas completas de versiones para todos los reempaques de dhcpd que son vulnerables. En particular, las compilaciones de otros proveedores tambi\u00e9n pueden estar afectadas. Es recomendado que los operadores consulten la documentaci\u00f3n de su proveedor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.11.2\",\"matchCriteriaId\":\"A80D63A0-7017-4D5C-95F0-A86E7FBB401D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:dhcpd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.1\",\"matchCriteriaId\":\"C9CECDA8-1A75-47BD-8799-3E411B392E22\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2060\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3525\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.