CVE-2020-7217

An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
opensusewicked
𝑥
≤ 0.6.55
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
wicked
suse enterprise desktop 15
0.6.60-3.24.1
fixed
suse enterprise desktop 15 SP1
0.6.60-3.13.1
fixed
suse enterprise desktop 15 SP2
0.6.63-1.19
fixed
suse enterprise desktop 15 SP3
0.6.65-2.1
fixed
suse enterprise desktop 15 SP4
0.6.69-150400.1.3
fixed
suse enterprise desktop 15 SP5
0.6.72-150500.1.2
fixed
suse enterprise desktop 15 SP6
0.6.74-150600.9.2
fixed
suse enterprise desktop 15 SP7
0.6.78-150700.1.4
fixed
suse enterprise sap 12 SP4
0.6.60-2.18.1
fixed
suse enterprise sap 12 SP5
0.6.60-3.5.1
fixed
suse enterprise sap 15
0.6.60-3.24.1
fixed
suse enterprise sap 15 SP1
0.6.60-3.13.1
fixed
suse enterprise sap 15 SP2
0.6.63-1.19
fixed
suse enterprise sap 15 SP3
0.6.65-2.1
fixed
suse enterprise sap 15 SP4
0.6.69-150400.1.3
fixed
suse enterprise sap 15 SP5
0.6.72-150500.1.2
fixed
suse enterprise sap 15 SP6
0.6.74-150600.9.2
fixed
suse enterprise sap 15 SP7
0.6.78-150700.1.4
fixed
suse enterprise server 12 SP1
0.6.60-28.26.1
fixed
suse enterprise server 12 SP4
0.6.60-2.18.1
fixed
suse enterprise server 12 SP5
0.6.60-3.5.1
fixed
suse enterprise server 15
0.6.60-3.24.1
fixed
suse enterprise server 15 SP1
0.6.60-3.13.1
fixed
suse enterprise server 15 SP2
0.6.63-1.19
fixed
suse enterprise server 15 SP3
0.6.65-2.1
fixed
suse enterprise server 15 SP4
0.6.69-150400.1.3
fixed
suse enterprise server 15 SP5
0.6.72-150500.1.2
fixed
suse enterprise server 15 SP6
0.6.74-150600.9.2
fixed
suse enterprise server 15 SP7
0.6.78-150700.1.4
fixed
wicked-nbft
suse enterprise desktop 15 SP5
0.6.72-150500.1.2
fixed
suse enterprise desktop 15 SP6
0.6.74-150600.9.2
fixed
suse enterprise desktop 15 SP7
0.6.78-150700.1.4
fixed
suse enterprise sap 15 SP5
0.6.72-150500.1.2
fixed
suse enterprise sap 15 SP6
0.6.74-150600.9.2
fixed
suse enterprise sap 15 SP7
0.6.78-150700.1.4
fixed
suse enterprise server 15 SP5
0.6.72-150500.1.2
fixed
suse enterprise server 15 SP6
0.6.74-150600.9.2
fixed
suse enterprise server 15 SP7
0.6.78-150700.1.4
fixed
wicked-service
suse enterprise desktop 15
0.6.60-3.24.1
fixed
suse enterprise desktop 15 SP1
0.6.60-3.13.1
fixed
suse enterprise desktop 15 SP2
0.6.63-1.19
fixed
suse enterprise desktop 15 SP3
0.6.65-2.1
fixed
suse enterprise desktop 15 SP4
0.6.69-150400.1.3
fixed
suse enterprise desktop 15 SP5
0.6.72-150500.1.2
fixed
suse enterprise desktop 15 SP6
0.6.74-150600.9.2
fixed
suse enterprise desktop 15 SP7
0.6.78-150700.1.4
fixed
suse enterprise sap 12 SP4
0.6.60-2.18.1
fixed
suse enterprise sap 12 SP5
0.6.60-3.5.1
fixed
suse enterprise sap 15
0.6.60-3.24.1
fixed
suse enterprise sap 15 SP1
0.6.60-3.13.1
fixed
suse enterprise sap 15 SP2
0.6.63-1.19
fixed
suse enterprise sap 15 SP3
0.6.65-2.1
fixed
suse enterprise sap 15 SP4
0.6.69-150400.1.3
fixed
suse enterprise sap 15 SP5
0.6.72-150500.1.2
fixed
suse enterprise sap 15 SP6
0.6.74-150600.9.2
fixed
suse enterprise sap 15 SP7
0.6.78-150700.1.4
fixed
suse enterprise server 12 SP1
0.6.60-28.26.1
fixed
suse enterprise server 12 SP4
0.6.60-2.18.1
fixed
suse enterprise server 12 SP5
0.6.60-3.5.1
fixed
suse enterprise server 15
0.6.60-3.24.1
fixed
suse enterprise server 15 SP1
0.6.60-3.13.1
fixed
suse enterprise server 15 SP2
0.6.63-1.19
fixed
suse enterprise server 15 SP3
0.6.65-2.1
fixed
suse enterprise server 15 SP4
0.6.69-150400.1.3
fixed
suse enterprise server 15 SP5
0.6.72-150500.1.2
fixed
suse enterprise server 15 SP6
0.6.74-150600.9.2
fixed
suse enterprise server 15 SP7
0.6.78-150700.1.4
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00011.html
https://bugzilla.suse.com/show_bug.cgi?id=1160906
https://github.com/openSUSE/wicked/releases
https://www.suse.com/security/cve/CVE-2020-7217/
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00011.html
https://bugzilla.suse.com/show_bug.cgi?id=1160906
https://github.com/openSUSE/wicked/releases
https://www.suse.com/security/cve/CVE-2020-7217/