CVE-2019-6470
Severity
7.5 HIGH
EPSS
0.3%
top 50.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 1
Latest update: May 24
Description
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers o…
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 8 packages
Also affects: Enterprise Linux 8.0, 8.1, 8.2, 8.4, 8.6, 8.8, 7.0
Vulnerability Details (3)
GHSA
GHSA-w4w8-43xj-r4wr: There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode (2022-05-24)
CVEList
dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries (2019-11-01)
OSV
CVE-2019-6470: There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode (2019-11-01)
Vendor Advisories (4)
Microsoft
dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries (2019-11-12)
Debian
CVE-2019-6470: isc-dhcp - There had existed in one of the ISC BIND libraries a bug in a function that was ... (2019)
Red Hat
dhcp: double-deletion of the released addresses in the dhcpv6 code leading to crash and possible DoS (2018-07-14)