CVE-2019-18902
wicked: Use-after-free when receiving invalid DHCP6 client options
In short
A flaw in wicked (a network configuration tool) allows attackers to send specially crafted DHCP6 messages that cause the program to use memory that has already been freed, leading to crashes or potentially allowing attackers to run malicious code on affected systems.
Technical detail
Use-after-free vulnerability in wicked's DHCP6 client option handling (CWE-416). Remote attackers can exploit this by sending malformed DHCP6 packets to trigger memory access violations, resulting in denial of service or potential code execution on systems running vulnerable versions.
Summary generated and translated by AI from the official description.
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
openSUSE · Factory
openSUSE · Leap 15.1
SUSE · SUSE Linux Enterprise Server 12
SUSE · SUSE Linux Enterprise Server 15