What is CVE-2018-15688?

CVE-2018-15688 is a high-severity vulnerability in Systemd. CVSS score: 8.8/10. Published 2018-10-26.

How severe is CVE-2018-15688?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2018-15688 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Systemd

CVE-2018-15688

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

EPSS: 0.007 (72.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Systemd — versions unspecified

Public proof-of-concept exploits

References

GLSA-201810-10 (vendor-advisory, x_refsource_GENTOO)
[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update (mailing-list, x_refsource_MLIST)
USN-3807-1 (x_refsource_UBUNTU, vendor-advisory)
USN-3806-1 (x_refsource_UBUNTU, vendor-advisory)
RHSA-2018:3665 (x_refsource_REDHAT, vendor-advisory)
105745 (vdb-entry, x_refsource_BID)
github.com/systemd/systemd/pull/10518 (x_refsource_MISC)
RHSA-2019:0049 (x_refsource_REDHAT, vendor-advisory)
RHBA-2019:0327 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2018-15688?: CVE-2018-15688 is a high-severity vulnerability in Systemd. CVSS score: 8.8/10. Published 2018-10-26.
How severe is CVE-2018-15688?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2018-15688 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.