VDB
CVE-2019-11766
CVE-2019-11766
PUBLISHED
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
EPSS 1.03% · 77.7th percentile
Risk Scores
EPSS Score
1.03%
77.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | dhcpcd5 | 0, 6.11.5-0ubuntu1 |
| Ubuntu:Pro:14.04:LTS | dhcpcd5 | 0, 6.0.5-1ubuntu1, 6.0.5-1.1 |
| Ubuntu:16.04:LTS | dhcpcd5 | 0, 6.9.1-1, 6.9.3-1 |
Exploit Intelligence
- https://bugs.debian.org/928440 (circl)
- https://roy.marples.name/archives/dhcpcd-discuss/0002428.html (circl)
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8 (circl)
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=896ef4a54b0578985e5e1360b141593f1d62837b (circl)
- 108172 (circl)
Timeline
- May 5, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-11766 third-party-advisory
- https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8 third-party-advisory
- https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b third-party-advisory
- https://bugs.debian.org/928440 third-party-advisory
- https://roy.marples.name/archives/dhcpcd-discuss/0002428.html third-party-advisory
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=896ef4a54b0578985e5e1360b141593f1d62837b third-party-advisory
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-11766 third-party-advisory