CVE-2019-6472

Summary

A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

Affected Software

VendorProductVersion RangeStatus
ISCKea1.4.0 to 1.5.0affected
ISCKea1.6.0-beta1affected
ISCKea1.6.0-beta2affected

Weaknesses

  • An attacker who is able to send a request containing a malformed DUID to the server (either directly or via a relay) can cause the DHCPv6 server process to terminate, denying service to clients. Only the DHCPv6 service is affected by this vulnerability.

ADP Enrichment

CVE Program Container

Additional References

References