CVE-2019-11578
Published 2019-04-28
CVE-2019-11578: auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
Priority P429 medium 5.9 CVSS 3.1
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS
2.03%
78.6th percentile
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dhcpcd5 | < dhcpcd5 7.1.0-2 (bookworm) | dhcpcd5 7.1.0-2 (bookworm) |
| dhcpcd_project | dhcpcd | < 7.2.1 | 7.2.1 |
CVSS provenance
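| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 5.9 | MEDIUM | |
| vendor_debian | | 5.9 | LOW | |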
GHSA
GHSA-wmp8-c7xc-v29x: auth
ghsa_unreviewed·2022-05-24
CVE-2019-11578 [MEDIUM] GHSA-wmp8-c7xc-v29x: auth
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
OSV
CVE-2019-11578: auth
osv·2019-04-28·CVSS 5.9
CVE-2019-11578 [MEDIUM] CVE-2019-11578: auth
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
Debian
CVE-2019-11578: dhcpcd5 - auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing l...
vendor_debian·2019·CVSS 5.9
CVE-2019-11578 [MEDIUM] CVE-2019-11578: dhcpcd5 - auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing l...
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
Scope: local
bookworm: resolved (fixed in 7.1.0-2)
bullseye: resolved (fixed in 7.1.0-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-11578 dhcpcd: information disclosure in auth.c
bugzilla·2019-05-07·CVSS 5.9
CVE-2019-11578 [MEDIUM] CVE-2019-11578 dhcpcd: information disclosure in auth.c
CVE-2019-11578 dhcpcd: information disclosure in auth.c
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
Reference:
https://roy.marples.name/archives/dhcpcd-discuss/0002415.html
Upstream commit:
https://roy.marples.name/cgit/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
https://roy.marples.name/cgit/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e
https://roy.marples.name/cgit/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
Discussion:
Created dhcpcd tracking bugs for this issue:
Affects: fedora-all [bug 1707385]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent
Bugzilla
CVE-2019-11578 dhcpcd: information disclosure in auth.c [fedora-all]
bugzilla·2019-05-07·CVSS 5.9
CVE-2019-11578 [MEDIUM] CVE-2019-11578 dhcpcd: information disclosure in auth.c [fedora-all]
CVE-2019-11578 dhcpcd: information disclosure in auth.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedor
http://www.securityfocus.com/bid/108090
https://roy.marples.name/archives/dhcpcd-discuss/0002415.html
https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e
https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
Published: 2019-04-28