What is CVE-2019-6470?

CVE-2019-6470 is a medium-severity vulnerability in Isc Dhcpd. CVSS score: 6.5/10. Published 2019-11-01.

How severe is CVE-2019-6470?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2019-6470 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Isc Dhcpd

CVE-2019-6470

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the libra…

EPSS: 0.088 (94.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Isc Dhcpd
Multiple, Non-isc Dhcpd — versions builds not wholly from ISC source < 4.4.1
Opensuse Leap — versions 15.0, 15.1
Redhat Enterprise_linux — versions 8.0
Redhat Enterprise_linux_desktop — versions 7.0
Redhat Enterprise_linux_eus — versions 8.1, 8.2, 8.4
Redhat Enterprise_linux_for_arm_64 — versions 8.0
Redhat Enterprise_linux_for_arm_64_eus — versions 8.1_aarch64, 8.2_aarch64, 8.4_aarch64
Redhat Enterprise_linux_for_ibm_z_systems — versions 7.0, 8.0
Redhat Enterprise_linux_for_ibm_z_systems_eus — versions 8.1_s390x, 8.2_s390x, 8.4_s390x

Public proof-of-concept exploits

krlabs/dnsbind-vulnerabilities

References

security-officer@isc.org (x_refsource_CONFIRM, Third Party Advisory)
security-officer@isc.org (x_refsource_CONFIRM, Mailing List, Third Party Advisory)
security-officer@isc.org (x_refsource_CONFIRM, Mailing List, Third Party Advisory)
security-officer@isc.org (x_refsource_CONFIRM, Exploit, Mailing List, Third Party Advisory)
security-officer@isc.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2019-6470?: CVE-2019-6470 is a medium-severity vulnerability in Isc Dhcpd. CVSS score: 6.5/10. Published 2019-11-01.
How severe is CVE-2019-6470?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2019-6470 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.