VDB
CVE-2019-6474
CVE-2019-6474
PUBLISHED
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2
EPSS 1.59% · 81.9th percentile
Risk Scores
EPSS Score
1.59%
81.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | isc-kea | 1.1.0-1build1, 0, 1.1.0-1 |
| Ubuntu:Pro:16.04:LTS | isc-kea | 0, 1.0.0-1, 1.0.0-1build1 |
Timeline
- Aug 28, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-6474 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-6474 third-party-advisory