CVE-2019-6474 — MEDIUM (5.7)

Q: How severe is CVE-2019-6474?

CVE-2019-6474 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-6474?

Check the references section above for vendor advisories and patch information. Affected products include: Isc Kea.

Vulnerability Description

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Isc	Kea	>= 1.4.0, <= 1.5.0

Related Weaknesses (CWE)

CWE-772

References

https://kb.isc.org/docs/cve-2019-6474Vendor Advisory
https://kb.isc.org/docs/cve-2019-6474Vendor Advisory

FAQ

What is CVE-2019-6474?

CVE-2019-6474 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load lease...

How severe is CVE-2019-6474?

CVE-2019-6474 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6474?

Check the references section above for vendor advisories and patch information. Affected products include: Isc Kea.