First published: Wed Oct 16 2019
A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
Credit: security-officer@isc.org
Affected Software | Affected Version | How to fix |
---|---|---|
ISC Kea | >=1.4.0, <=1.5.0 | |
ISC Kea | =1.6.0-beta1 | |
ISC Kea | =1.6.0-beta2 | Upgrade to a version of Kea containing a fix, available via https://www.isc.org/downloads: Kea 1.4.0-P2, Kea 1.5.0-P1, Kea 1.6.0 |
CVE-2019-6472 is a vulnerability in the Kea DHCPv6 server process (kea-dhcp6) that can be triggered by a packet containing a malformed DUID, leading to an assertion failure and the server process exiting.
Versions 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 of the Kea DHCPv6 server are affected by CVE-2019-6472.
CVE-2019-6472 has a severity rating of 6.5, classified as medium.
To fix CVE-2019-6472, upgrade your Kea DHCPv6 server to a release containing the fix: Kea 1.4.0-P2, Kea 1.5.0-P1, or Kea 1.6.0.
You can find additional information about CVE-2019-6472 at the following reference link: https://kb.isc.org/docs/cve-2019-6472