CVE-2019-11579

EUVD-2019-3249
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
dhcpcd_projectdhcpcd
𝑥
< 7.2.1
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dhcpcd5
bookworm
9.4.1-24~deb12u4
fixed
bullseye
7.1.0-2
fixed
stretch
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dhcpcd5
bionic
needed
cosmic
ignored
disco
ignored
eoan
Fixed 7.1.0-2
released
focal
Fixed 7.1.0-2
released
groovy
Fixed 7.1.0-2
released
hirsute
Fixed 7.1.0-2
released
impish
Fixed 7.1.0-2
released
jammy
Fixed 7.1.0-2
released
kinetic
Fixed 7.1.0-2
released
lunar
Fixed 7.1.0-2
released
mantic
dne
noble
dne
trusty
Fixed 6.0.5-2+deb8u1build0.14.04.1~esm1
released
xenial
needed
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/108090
https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html
https://roy.marples.name/archives/dhcpcd-discuss/0002415.html
https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
http://www.securityfocus.com/bid/108090
https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html
https://roy.marples.name/archives/dhcpcd-discuss/0002415.html
https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8