CVE-2019-6472
First published: Wed Oct 16 2019(Updated: )
A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
Credit: security-officer@isc.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC Kea | >=1.4.0<=1.5.0 | |
| ISC Kea | =1.6.0-beta1 | |
| ISC Kea | =1.6.0-beta2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-6472?
CVE-2019-6472 is a vulnerability in the Kea DHCPv6 server process (kea-dhcp6) that can be triggered by a packet containing a malformed DUID, leading to an assertion failure and the server process exiting.
Which versions of Kea DHCPv6 server are affected by CVE-2019-6472?
Versions 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 of the Kea DHCPv6 server are affected by CVE-2019-6472.
What is the severity of CVE-2019-6472?
CVE-2019-6472 has a severity rating of 6.5, classified as medium.
How can I fix CVE-2019-6472?
To fix CVE-2019-6472, update your Kea DHCPv6 server to a version that is not affected by the vulnerability.
Where can I find more information about CVE-2019-6472?
You can find additional information about CVE-2019-6472 at the following reference link: https://kb.isc.org/docs/cve-2019-6472
- collector/nvd-index
- vendor/isc
- canonical/isc kea
- version/isc kea/1.4.0
- version/isc kea/1.5.0
- version/isc kea/1.6.0-beta1
- version/isc kea/1.6.0-beta2