CVE-2019-6472

CVE-2019-6472

Name

CVE-2019-6472

Description

A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://kb.isc.org/docs/cve-2019-6472

Type

URI

Vendor Advisory

https://kb.isc.org/docs/cve-2019-6472

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:isc:kea::::::::`	kea	>= 1.4.0	<= 1.5.0
`cpe:2.3:a:isc:kea:1.6.0:beta1::::::`	kea	== None	== 1.6.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:isc:kea:*:*:*:*:*:*:*:*

kea

>= 1.4.0

<= 1.5.0

cpe:2.3:a:isc:kea:1.6.0:beta1:*:*:*:*:*:*

kea

== None

== 1.6.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
kea	edge-main	1.7.2-r0	None	fixed
kea	edge-community	1.7.2-r0	None	fixed
kea	3.22-main	1.7.2-r0	None	fixed
kea	3.21-main	1.7.2-r0	None	fixed
kea	3.20-main	1.7.2-r0	None	fixed
kea	3.19-main	1.7.2-r0	None	fixed
kea	3.18-main	1.7.2-r0	None	fixed
kea	3.17-main	1.7.2-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

kea

edge-main

1.7.2-r0

None

fixed

kea

edge-community