CVE-2018-15688 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2018-15688

CVE-2018-15688

October 26, 2018

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

Related Resources (10)

https://security.gentoo.org/glsa/201810-10

https://usn.ubuntu.com/3807-1/

https://access.redhat.com/errata/RHSA-2018:3665

https://access.redhat.com/errata/RHBA-2019:0327

https://access.redhat.com/errata/RHSA-2019:0049

https://github.com/systemd/systemd/pull/10518

https://usn.ubuntu.com/3806-1/

http://www.securityfocus.com/bid/105745

https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html

https://access.redhat.com/security/cve/CVE-2018-15688

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

5.8

Access Vector

ADJACENT NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

EPSS

Base Score:

0.73

Products

Solutions

Resources

Company

Compare

Developer Tools