wicked: Use-after-free when receiving invalid DHCP6 client options
CVE-2019-18902
7.5HIGH
Key Information:
- Vendor
Suse
- Vendor
- CVE Published:
- 2 March 2020
What is CVE-2019-18902?
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.
Affected Version(s)
Factory wicked < 0.6.62
Leap 15.1 wicked < 0.6.60-lp151.2.6.1
SUSE Linux Enterprise Server 12 wicked < 0.6.60-3.5.1