dhcpcd up to 7.2.0 dhcp.c DHO_OPTSOVERLOADED memory corruption
A vulnerability classified as critical was found in dhcpcd up to 7.2.0. This vulnerability affects the functionality of the file dhcp.c. The manipulation of the argument DHO_OPTSOVERLOADED with an unknown input leads to a memory corruption vulnerability (Off-By-One). The CWE definition for the vulnerability is CWE-193. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was disclosed 04/28/2019. This vulnerability was named CVE-2019-11579 since 04/28/2019. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 04/28/2019).
Upgrading to version 7.2.1 eliminates this vulnerability.
The entries 134180 and 134181 are pretty similar.
Product
Name
CPE 2.3
CPE 2.2
CVSSv3
VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.3
VulDB Base Score: ≈5.5
VulDB Temp Score: ≈5.3
VulDB Vector: ?
VulDB Reliability: ?
CVSSv2
VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Exploiting
Class: Memory corruption / Off-By-One (CWE-193)
Local: Yes
Remote: No
Availability: ?
Status: Not defined
Price Prediction: ?
Current Price Estimation: ?
Threat Intelligence
Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?
Countermeasures
Recommended: Upgrade
Status: ?
0-Day Time: ?
Upgrade: dhcpcd 7.2.1
Timeline
04/28/2019 Advisory disclosed
04/28/2019 VulDB entry created
04/28/2019 CVE assigned
04/28/2019 VulDB last update
Sources
CVE: CVE-2019-11579 (?)
See also: ?
Entry
Created: 04/28/2019 09:31 PM
Complete: ?
https://vuldb.com/?id.134182
Gloss