cve-2019-6470
Vulnerability from cvelistv5
Published
2019-11-01 22:15
Modified
2024-09-17 01:25
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.
References
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2019:2060Third Party Advisory
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2019:3525Third Party Advisory
security-officer@isc.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122Exploit, Mailing List, Third Party Advisory
security-officer@isc.orghttps://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.htmlMailing List, Third Party Advisory
security-officer@isc.orghttps://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2060Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3525Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.htmlMailing List, Third Party Advisory
Impacted products
Vendor Product Version
Multiple, non-ISC dhcpd Version: builds not wholly from ISC source < 4.4.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:23:21.296Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2060",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122",
               },
               {
                  name: "RHSA-2019:3525",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3525",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "dhcpd",
               vendor: "Multiple, non-ISC",
               versions: [
                  {
                     status: "affected",
                     version: "builds not wholly from ISC source < 4.4.1",
                  },
               ],
            },
         ],
         datePublic: "2019-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "A use-after-free error in DHCPv6 processing when interfacing with newer BIND libraries leads to frequent crashes",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-06T00:08:09",
            orgId: "404fd4d2-a609-4245-b543-2c944a302a22",
            shortName: "isc",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2060",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122",
            },
            {
               name: "RHSA-2019:3525",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3525",
            },
         ],
         source: {
            discovery: "USER",
         },
         title: "dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries",
         x_generator: {
            engine: "Vulnogram 0.0.8",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security-officer@isc.org",
               DATE_PUBLIC: "2019-05-11T12:00:00.000Z",
               ID: "CVE-2019-6470",
               STATE: "PUBLIC",
               TITLE: "dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "dhcpd",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "builds not wholly from ISC source",
                                          version_value: "< 4.4.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Multiple, non-ISC",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.8",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "A use-after-free error in DHCPv6 processing when interfacing with newer BIND libraries leads to frequent crashes",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://access.redhat.com/errata/RHSA-2019:2060",
                     refsource: "CONFIRM",
                     url: "https://access.redhat.com/errata/RHSA-2019:2060",
                  },
                  {
                     name: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html",
                     refsource: "CONFIRM",
                     url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html",
                  },
                  {
                     name: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html",
                     refsource: "CONFIRM",
                     url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html",
                  },
                  {
                     name: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122",
                     refsource: "CONFIRM",
                     url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122",
                  },
                  {
                     name: "RHSA-2019:3525",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:3525",
                  },
               ],
            },
            source: {
               discovery: "USER",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22",
      assignerShortName: "isc",
      cveId: "CVE-2019-6470",
      datePublished: "2019-11-01T22:15:33.599863Z",
      dateReserved: "2019-01-16T00:00:00",
      dateUpdated: "2024-09-17T01:25:37.218Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2019-6470\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2019-11-01T23:15:10.510\",\"lastModified\":\"2024-11-21T04:46:30.710\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.\"},{\"lang\":\"es\",\"value\":\"Se había presentado en una de las bibliotecas ISC BIND un error en una función que fue usada por dhcpd cuando operaba en modo DHCPv6. También hubo un error en dhcpd relacionado con el uso de esta función según su documentación, pero el error en la función library impide que esto causara algún daño. Todas las versiones de dhcpd de ISC contienen copias de esta y otras bibliotecas BIND en combinaciones que han sido probadas antes de su lanzamiento y se sabe que no presentan problemas como este. Algunos empaquetadores de terceros del software ISC de terceros han modificado la fuente dhcpd, la fuente BIND o la comparación de versiones de manera que crean el potencial bloqueo. Según los reportes disponibles para ISC, la probabilidad de bloqueo es grande y no ha sido realizado ningún análisis sobre cómo, o inclusive si, la probabilidad puede ser manipulada por parte un atacante. Afecta: Compilaciones de versiones de dhcpd anteriores a la versión 4.4.1 cuando se usan las versiones BIND 9.11.2 o posteriores, o versiones BIND con correcciones de bugs específicas que respaldaron. ISC no tiene acceso a listas completas de versiones para todos los reempaques de dhcpd que son vulnerables. En particular, las compilaciones de otros proveedores también pueden estar afectadas. Es recomendado que los operadores consulten la documentación de su proveedor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.11.2\",\"matchCriteriaId\":\"A80D63A0-7017-4D5C-95F0-A86E7FBB401D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:dhcpd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.1\",\"matchCriteriaId\":\"C9CECDA8-1A75-47BD-8799-3E411B392E22\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2060\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3525\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3525\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.