CVE-2019-6470

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.

CVSS v3 6.5 MEDIUM
CVSS v2.0 5.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://access.redhat.com/errata/RHSA-2019:2060	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3525	Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122	Exploit Mailing List Third Party Advisory
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html	Mailing List Third Party Advisory
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2060	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3525	Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122	Exploit Mailing List Third Party Advisory
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html	Mailing List Third Party Advisory
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:isc:dhcpd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

History

11 Apr 2025, 14:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:isc:bind::::::::	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
First Time		Redhat enterprise Linux Server Aus Redhat enterprise Linux Server Tus Redhat enterprise Linux Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux For Power Big Endian Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Eus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux Update Services For Sap Solutions Redhat enterprise Linux For Scientific Computing

Information

Published : 2019-11-01 23:15

Updated : 2025-04-11 14:55

NVD link : CVE-2019-6470

Mitre link : CVE-2019-6470

CVE.ORG link : CVE-2019-6470

JSON object : View

Products Affected

redhat

enterprise_linux_workstation
enterprise_linux_server_aus
enterprise_linux_update_services_for_sap_solutions
enterprise_linux_for_scientific_computing
enterprise_linux_for_ibm_z_systems
enterprise_linux_server_tus
enterprise_linux_desktop
enterprise_linux_eus
enterprise_linux
enterprise_linux_server
enterprise_linux_for_power_little_endian_eus
enterprise_linux_for_arm_64
enterprise_linux_for_arm_64_eus
enterprise_linux_for_power_little_endian
enterprise_linux_for_power_big_endian
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

isc

dhcpd

opensuse

leap

CWE

NVD-CWE-noinfo

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-6470

6.5^/10

5.0^/10

Attach tags to `CVE-2019-6470`