A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate
CVE-2019-6472

6.5MEDIUM

Key Information:

Vendor: Isc
Status: Kea
Vendor: CVE Published:; 28 August 2019

Summary

A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

Affected Version(s)

Kea 1.4.0 to 1.5.0

Kea 1.6.0-beta1

Kea 1.6.0-beta2

References

https://kb.isc.org/docs/cve-2019-6472

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2019
Vulnerability Reserved
Jan 16, 2019