7.5
CVE-2019-6470
- EPSS 0.27%
- Published 01.11.2019 23:15:10
- Last modified 11.04.2025 14:55:14
- Source security-officer@isc.org
- Teams watchlist Login
- Open Login
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Eus Version8.1
Redhat ≫ Enterprise Linux Eus Version8.2
Redhat ≫ Enterprise Linux Eus Version8.4
Redhat ≫ Enterprise Linux Eus Version8.6
Redhat ≫ Enterprise Linux Eus Version8.8
Redhat ≫ Enterprise Linux For Arm 64 Version8.0
Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.1_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.2_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.4_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.6_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.8_aarch64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0
Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.1_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.2_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.4_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.6_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x
Redhat ≫ Enterprise Linux For Power Big Endian Version7.0
Redhat ≫ Enterprise Linux For Power Little Endian Version7.0
Redhat ≫ Enterprise Linux For Power Little Endian Version8.0
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.1_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.6_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8_ppc64le
Redhat ≫ Enterprise Linux For Scientific Computing Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version8.2
Redhat ≫ Enterprise Linux Server Aus Version8.4
Redhat ≫ Enterprise Linux Server Aus Version8.6
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.1
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.2
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.4
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.6
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.8
Redhat ≫ Enterprise Linux Server Tus Version8.2
Redhat ≫ Enterprise Linux Server Tus Version8.4
Redhat ≫ Enterprise Linux Server Tus Version8.6
Redhat ≫ Enterprise Linux Server Tus Version8.8
Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.1
Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.2
Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.4
Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.6
Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.8
Redhat ≫ Enterprise Linux Workstation Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.499 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| security-officer@isc.org | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|