CVE-2019-1206 — Out-of-bounds Write in Microsoft Windows Server 2012
Severity
7.5HIGHNVD
EPSS
22.1%
top 4.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 14
Latest updateMay 24
Description
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive.
To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed.
The security update addresses the vulnerability by correct…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages11 packages
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-ggpr-x33h-6668: A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Denial↗2022-05-24
GHSA▶
GHSA-534v-m7q8-9qgf: A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server↗2022-05-24