CVE-2019-18902

CWE-416Use After Free3 documents3 sources
Severity
9.8CRITICAL
EPSS
2.8%
top 13.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Opensuse FactoryOpensuse Leap 15.1Suse Suse Linux Enterprise Server 12+3 more
Timeline
PublishedMar 2
Latest updateMay 24

Description

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages6 packages

CVEListV5suse/suse_linux_enterprise_server_12wicked0.6.60-3.5.1
CVEListV5suse/suse_linux_enterprise_server_15wicked0.6.60-3.21.1
CVEListV5opensuse/factorywicked0.6.62
CVEListV5opensuse/leap_15.1wicked0.6.60-lp151.2.6.1

🔴Vulnerability Details

2
GHSA
GHSA-vj69-jmfq-4mjc: A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 152022-05-24
CVEList
wicked: Use-after-free when receiving invalid DHCP6 client options2020-03-02