Vulnerability Details : CVE-2019-6474
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up.
Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
Exploit prediction scoring system (EPSS) score for CVE-2019-6474
Probability of exploitation activity in the next 30 days: 0.15%
Percentile (the proportion of vulnerabilities scored at or below this value): ~51%
CVSS scores for CVE-2019-6474
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 6.1 | MEDIUM | AV:A/AC:L/Au:N/C:N/I:N/A:C | 6.5 | 6.9 | NIST |
| 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST |
| 5.7 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.1 | 3.6 | Internet Systems Consortium (ISC) |
CWE ids for CVE-2019-6474
- The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-6474
- https://kb.isc.org/docs/cve-2019-6474 (Vendor Advisory): CVE-2019-6474: An oversight when validating incoming client requests can lead to a situation where the Kea server will exit when trying to restart - Security Advisories
Products affected by CVE-2019-6474
- cpe:2.3:a:isc:kea:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:kea:1.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:isc:kea:1.6.0:beta1:*:*:*:*:*:*