CVE-2019-6473 - An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dh

CVE-2019-6473

Summary

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

References

https://kb.isc.org/docs/cve-2019-6473

Vulnerable Configurations

cpe:2.3:a:ics:kea:*:*:*:*:*:*:*:*
cpe:2.3:a:ics:kea:*:*:*:*:*:*:*:*
cpe:2.3:a:ics:kea:1.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:ics:kea:1.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:ics:kea:1.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:ics:kea:1.6.0:beta2:*:*:*:*:*:*

CVSS

Base:	3.3 (as of 21-10-2019 - 18:50)
Impact:
Exploitability:

CWE

CWE-617

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:A/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm

https://kb.isc.org/docs/cve-2019-6473

Last major update

21-10-2019 - 18:50

Published

16-10-2019 - 18:15

Last modified

21-10-2019 - 18:50