CVE-2019-18902 in OpenSuse and Suse Products
Published on March 2, 2020
wicked: Use-after-free when receiving invalid DHCP6 client options
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.
Vulnerability Analysis
Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2019-18902 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2019-18902
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-18902 are published in these products:
Affected Versions
SUSE Linux Enterprise Server 12:- Version wicked and below 0.6.60-3.5.1 is affected.
- Version wicked and below 0.6.60-3.21.1 is affected.
- Version wicked and below 0.6.60-lp151.2.6.1 is affected.
- Version wicked and below 0.6.62 is affected.
Exploit Probability
EPSS
2.82%
Percentile
85.93%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.