CVE-2019-18903
wicked: Use-after-free when receiving invalid DHCP6 IA_PD option
In short
A memory management flaw in wicked lets an attacker who sends a malformed DHCP6 network configuration option crash the system or potentially execute code. This affects network configuration on SUSE Linux systems.
Technical detail
A use-after-free vulnerability in wicked's DHCP6 IA_PD option handler allows remote attackers to trigger memory corruption via specially crafted DHCPv6 packets. The vulnerability can result in denial of service or arbitrary code execution; network-level access is a precondition.
Summary generated and translated by AI from the official description.
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
openSUSE · Factory
openSUSE · Leap 15.1
SUSE · SUSE Linux Enterprise Server 12
SUSE · SUSE Linux Enterprise Server 15