CVE-2019-18903: Use After Free in Factory

CWE-416: Use After Free | 3 documents | 3 sources
Severity
9.8 CRITICAL (NVD)
CNA: 7.5
EPSS
2.8% (top 13.83%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 2
Latest update: May 24

Description

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (6 packages)

CVEListV5 | suse/suse_linux_enterprise_server_12 | wicked | 0.6.60-2.18.1
CVEListV5 | suse/suse_linux_enterprise_server_15 | wicked | 0.6.60-28.26.1
CVEListV5 | opensuse/factory | wicked | 0.6.62
CVEListV5 | opensuse/leap_15.1 | wicked | 0.6.60-lp151.2.9.1

Vulnerability Details (2)

GHSA
GHSA-6gv4-2ccp-8f55: A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15 (2022-05-24)
CVEList
wicked: Use-after-free when receiving invalid DHCP6 IA_PD option (2020-03-02)
CVE-2019-18903 — Use After Free in Opensuse Factory | cvebase