CVE-2018-15688: systemd-network does not correctly keep track of a buffer size
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | High | Mawrer Amed Ramirez Martinez | |
Bug Description
Title
-----
CVE-2018-15688: systemd-network does not correctly keep track of a buffer size.
Brief Description
-----------------
It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce a heap-based buffer overflow. A malicious host on the same network segment as the victim may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.
+------
| CVE-2018-15688 | |
+------
| Max Score | 9.8 CRITICAL (nvd) |
| nvd | 9.8/CVSS:
| redhat | 8.8/CVSS:
| nvd | 7.5/AV:
| Summary | A buffer overflow vulnerability in the dhcp6 client of systemd allows a |
| | malicious dhcp6 server to overwrite heap memory in systemd-networkd. |
| | Affected releases are systemd: versions up to and including 239. |
| CWE | CWE-122: Heap-based Buffer Overflow (redhat) |
| CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory |
| | (nvd) |
| CWE | CWE-131: Incorrect Calculation of Buffer Size (redhat) |
| CWE | CWE-190: Integer Overflow or Wraparound (redhat) |
| Affected Pkg | libgudev1-
| Affected Pkg | systemd-
| Affected Pkg | systemd-
| Affected Pkg | systemd-
| Confidence | 100 / OvalMatch |
| Source | https:/
| CVSSv2 Calc | https:/
| CVSSv3 Calc | https:/
| RHEL-CVE | https:/
| CWE | https:/
| CWE | https:/
| CWE | https:/
| CWE | https:/
+------
Severity
--------
Provide the severity of the defect.
<Major: System/Feature is usable but degraded>
Steps to Reproduce
------------------
N/A
Expected Behavior
------------------
N/A
Actual Behavior
----------------
N/A
Reproducibility
---------------
Reproducible
System Configuration
-------
N/A
Branch/Pull Time/Commit
-------
N/A
Timestamp/Logs
--------------
N/A
CVE References
Changed in starlingx: | |
importance: | Undecided → High |
tags: | added: stx.2019.05 stx.security |
Changed in starlingx: | |
assignee: | nobody → Cesar Lara (clara1) |
Changed in starlingx: | |
status: | New → Triaged |
tags: | added: stx.build |
information type: | Private Security → Private |
information type: | Private → Private Security |
tags: | added: stx.2.0 removed: stx.2019.05 |
Changed in starlingx: | |
assignee: | Cesar Lara (clara1) → Mawrer Amed Ramirez Martinez (marami3) |
Changed in starlingx: | |
status: | Triaged → Fix Released |
information type: | Private Security → Public |
The community fixed this CVE on January 14th. To fix this CVE, please update the following packages:
libgudev1-219-62.el7.tis.11 -> 219-62.el7_6.5 (updates)
systemd-219-62.el7.tis.11 -> 219-62.el7_6.5 (updates)
systemd-libs-219-62.el7.tis.11 -> 219-62.el7_6.5 (updates)
systemd-sysv-219-62.el7.tis.11 -> 219-62.el7_6.5 (updates)