Vulnerability Description
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dhcpcd Project | Dhcpcd | < 6.11.7 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108172 (Broken Link)
- https://bugs.debian.org/928440 (Mailing List, Patch, Third Party Advisory)
- https://roy.marples.name/archives/dhcpcd-discuss/0002428.html (Patch, Vendor Advisory)
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=896ef4a54b0578985 (Mailing List, Patch, Vendor Advisory)
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=c1ebeaafeb324bac9 (Mailing List, Patch, Vendor Advisory)
FAQ
What is CVE-2019-11766?
CVE-2019-11766 is a vulnerability with a CVSS score of 9.8 (CRITICAL). dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
How severe is CVE-2019-11766?
CVE-2019-11766 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-11766?
Check the references section above for vendor advisories and patch information. Affected products include: Dhcpcd Project Dhcpcd, Debian Debian Linux.