CVE-2019-0697
published 2019-04-09
CVE-2019-0697: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP…
Priority: P267, critical, 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 29.65% (98.0th percentile)
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0698, CVE-2019-0726.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | windows_10_version_1803_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_1803 | — | — |
Detection & IOCs
- Vulnerability is triggered via specially crafted DHCP responses sent to a Windows DHCP client; monitor for anomalous or malformed DHCP response packets on the network (UDP port 68 client-side / port 67 server-side)
- Attack vector is network-based with no authentication required; a rogue DHCP server or man-in-the-middle on the local network segment could deliver the malicious response; flag unexpected DHCP servers on the network
- Target process is the Windows DHCP client service (svchost.exe hosting Dhcp service); monitor for unexpected code execution or crashes originating from this service
- Exploit status is confirmed as NOT publicly disclosed and NOT exploited in the wild at time of advisory; exploitation assessed as 'Less Likely' for both latest and older software releases
- CVE-2019-0697 is one of three related Windows DHCP Client RCE vulnerabilities; ensure detection logic also covers CVE-2019-0698 and CVE-2019-0726 as they share the same attack surface
- Patching reference: apply KB4489868 or KB4489899 to remediate; unpatched systems remain the detection priority
CVSS provenance
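| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_msrc | — | 9.8 | CRITICAL | — |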
GHSA
GHSA-xfvv-5229-rm3v: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows
ghsa_unreviewed·2022-05-13·CVSS 9.8
CVE-2019-0726 [CRITICAL] CWE-787 GHSA-xfvv-5229-rm3v: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698.
GHSA
GHSA-c773-95pr-cwwc: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows
ghsa_unreviewed·2022-05-13·CVSS 9.8
CVE-2019-0698 [CRITICAL] CWE-787 GHSA-c773-95pr-cwwc: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0726.
GHSA
GHSA-4p2v-3qr6-pv3r: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows
ghsa_unreviewed·2022-05-13·CVSS 9.8
CVE-2019-0697 [CRITICAL] CWE-787 GHSA-4p2v-3qr6-pv3r: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0698, CVE-2019-0726.
Microsoft
Windows DHCP Client Remote Code Execution Vulnerability
vendor_msrc·2019-03-12·CVSS 9.8
CVE-2019-0697 [CRITICAL] Windows DHCP Client Remote Code Execution Vulnerability
Description: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.
To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client.
The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.
Windows DHCP Client: Windows DHCP Client
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.micros
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-8788 freerdp: Out-of-bounds write in nsc_rle_decode() function
bugzilla·2019-01-31·CVSS 9.8
CVE-2018-8788 [CRITICAL] CVE-2018-8788 freerdp: Out-of-bounds write in nsc_rle_decode() function
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption.
Upstream patch:
https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
Discussion:
Created freerdp tracking bugs for this issue:
Affects: epel-6 [bug 1671370]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:0697 https://access.redhat.com/errata/RHSA-2019:0697
Bugzilla
CVE-2018-8787 freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function
bugzilla·2019-01-31·CVSS 9.8
CVE-2018-8787 [CRITICAL] CVE-2018-8787 freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption.
Upstream patch:
https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
Discussion:
Created freerdp tracking bugs for this issue:
Affects: epel-6 [bug 1671370]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:0697 https://access.redhat.com/errata/RHSA-2019:0697