CVE-2019-6472 - OpenCVE

A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Isc	Kea

Configuration 1 [-]

OR	cpe:2.3:a:isc:kea::::::::
	cpe:2.3:a:isc:kea:1.6.0:beta1::::::
	cpe:2.3:a:isc:kea:1.6.0:beta2::::::

No data.

References

Link	Providers
https://kb.isc.org/docs/cve-2019-6472

History

No history.

MITRE

Status: PUBLISHED

Assigner: isc

Published: 2019-10-16T17:22:16.689124Z

Updated: 2024-09-17T03:58:54.278Z

Reserved: 2019-01-16T00:00:00

Link: CVE-2019-6472

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-10-16T18:15:37.043

Modified: 2019-12-05T14:28:50.940

Link: CVE-2019-6472

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Kea", "vendor": "ISC", "versions": [{"status": "affected", "version": "1.4.0 to 1.5.0"}, {"status": "affected", "version": "1.6.0-beta1"}, {"status": "affected", "version": "1.6.0-beta2"}]}], "datePublic": "2019-08-28T00:00:00", "descriptions": [{"lang": "en", "value": "A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "An attacker who is able to send a request containing a malformed DUID to the server (either directly or via a relay) can cause the DHCPv6 server process to terminate, denying service to clients. Only the DHCPv6 service is affected by this vulnerability.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-16T17:22:16", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/docs/cve-2019-6472"}], "solutions": [{"lang": "en", "value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"}], "source": {"discovery": "INTERNAL"}, "title": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2019-08-28T21:08:44.000Z", "ID": "CVE-2019-6472", "STATE": "PUBLIC", "TITLE": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kea", "version": {"version_data": [{"version_value": "1.4.0 to 1.5.0"}, {"version_value": "1.6.0-beta1"}, {"version_value": "1.6.0-beta2"}]}}]}, "vendor_name": "ISC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2."}]}, "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "An attacker who is able to send a request containing a malformed DUID to the server (either directly or via a relay) can cause the DHCPv6 server process to terminate, denying service to clients. Only the DHCPv6 service is affected by this vulnerability."}]}]}, "references": {"reference_data": [{"name": "https://kb.isc.org/docs/cve-2019-6472", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/cve-2019-6472"}]}, "solution": [{"lang": "en", "value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"}], "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:23:21.464Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/docs/cve-2019-6472"}]}]}, "cveMetadata": {"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2019-6472", "datePublished": "2019-10-16T17:22:16.689124Z", "dateReserved": "2019-01-16T00:00:00", "dateUpdated": "2024-09-17T03:58:54.278Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:kea:*:*:*:*:*:*:*:*", "matchCriteriaId": "27BBC7E1-37AF-4BC6-BA53-09CF7B8921BB", "versionEndIncluding": "1.5.0", "versionStartIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:kea:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "43793833-7D0F-4C7C-80B4-F8563AD23607", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:kea:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "AECDE26A-DDFD-4035-A08E-E7A5CA37F1E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2."}, {"lang": "es", "value": "Un paquete que contiene un DUID malformado puede hacer que el proceso del servidor Kea DHCPv6 (kea-dhcp6) se cierre debido a un error de aserci\u00f3n. Versiones afectadas: 1.4.0 hasta 1.5.0, 1.6.0-beta1 y 1.6.0-beta2."}], "id": "CVE-2019-6472", "lastModified": "2019-12-05T14:28:50.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}]}, "published": "2019-10-16T18:15:37.043", "references": [{"source": "security-officer@isc.org", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/cve-2019-6472"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}