Vulnerabilities > CVE-2019-6472 - Reachable Assertion vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Common Weakness Enumeration (CWE)
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_20B92374D62A11E9AF73001B217E4EE5.NASL description Internet Systems Consortium, Inc. reports : A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate (CVE-2019-6472) [Medium] An invalid hostname option can cause the kea-dhcp4 server to terminate (CVE-2019-6473) [Medium] An oversight when validating incoming client requests can lead to a situation where the Kea server will exit when trying to restart (CVE-2019-6474) [Medium] last seen 2020-06-01 modified 2020-06-02 plugin id 129114 published 2019-09-23 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129114 title FreeBSD : ISC KEA -- Multiple vulnerabilities (20b92374-d62a-11e9-af73-001b217e4ee5) NASL family Fedora Local Security Checks NASL id FEDORA_2019-0811A88D77.NASL description Fixes for CVE-2019-6472, CVE-2019-6473 and CVE-2019-6474 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128561 published 2019-09-09 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128561 title Fedora 30 : kea (2019-0811a88d77)