CVE-2019-18903 in OpenSuse and Suse Products
Published on March 2, 2020
wicked: Use-after-free when receiving invalid DHCP6 IA_PD option
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.
Vulnerability Analysis
Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2019-18903 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2019-18903
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-18903 are published in these products:
Affected Versions
SUSE Linux Enterprise Server 12:- Version wicked and below 0.6.60-2.18.1 is affected.
- Version wicked and below 0.6.60-28.26.1 is affected.
- Version wicked and below 0.6.60-lp151.2.9.1 is affected.
- Version wicked and below 0.6.62 is affected.
Exploit Probability
EPSS
2.82%
Percentile
85.93%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.