CVE-2018-15688

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

References

http://www.securityfocus.com/bid/105745

https://access.redhat.com/errata/RHBA-2019:0327

https://access.redhat.com/errata/RHSA-2018:3665

https://access.redhat.com/errata/RHSA-2019:0049

https://github.com/systemd/systemd/pull/10518

https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html

https://security.gentoo.org/glsa/201810-10

https://usn.ubuntu.com/3806-1/

https://usn.ubuntu.com/3807-1/

Details

Source: MITRE

Published: 2018-10-26

Updated: 2019-10-09

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (38 total)

IDNameProductFamilySeverity
127236NewStart CGSL CORE 5.04 / MAIN 5.04 : systemd Multiple Vulnerabilities (NS-SA-2019-0051)NessusNewStart CGSL Local Security Checks
critical
127232NewStart CGSL CORE 5.04 / MAIN 5.04 : NetworkManager Vulnerability (NS-SA-2019-0049)NessusNewStart CGSL Local Security Checks
critical
124919EulerOS Virtualization 3.0.1.0 : systemd (EulerOS-SA-2019-1416)NessusHuawei Local Security Checks
critical
124915EulerOS Virtualization for ARM 64 3.0.1.0 : systemd (EulerOS-SA-2019-1412)NessusHuawei Local Security Checks
critical
124449EulerOS 2.0 SP3 : NetworkManager (EulerOS-SA-2019-1322)NessusHuawei Local Security Checks
critical
123913EulerOS Virtualization 2.5.3 : systemd (EulerOS-SA-2019-1227)NessusHuawei Local Security Checks
critical
123701EulerOS Virtualization 2.5.4 : systemd (EulerOS-SA-2019-1233)NessusHuawei Local Security Checks
critical
123593EulerOS 2.0 SP2 : NetworkManager (EulerOS-SA-2019-1119)NessusHuawei Local Security Checks
critical
123371openSUSE Security Update : systemd (openSUSE-2019-909)NessusSuSE Local Security Checks
critical
123120EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1107)NessusHuawei Local Security Checks
critical
122387EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-1060)NessusHuawei Local Security Checks
critical
122218EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-1045)NessusHuawei Local Security Checks
critical
122161Amazon Linux 2 : systemd (ALAS-2019-1160)NessusAmazon Linux Local Security Checks
critical
122002Photon OS 2.0: Systemd PHSA-2018-2.0-0107NessusPhotonOS Local Security Checks
critical
121894Photon OS 1.0: Systemd PHSA-2018-1.0-0193NessusPhotonOS Local Security Checks
critical
121204Scientific Linux Security Update : systemd on SL7.x x86_64 (20190114)NessusScientific Linux Local Security Checks
critical
121192CentOS 7 : systemd (CESA-2019:0049)NessusCentOS Local Security Checks
critical
121173RHEL 7 : systemd (RHSA-2019:0049)NessusRed Hat Local Security Checks
critical
121172Oracle Linux 7 : systemd (ELSA-2019-0049)NessusOracle Linux Local Security Checks
critical
121053Amazon Linux 2 : NetworkManager (ALAS-2019-1144)NessusAmazon Linux Local Security Checks
critical
120769Fedora 29 : systemd (2018-c402eea18b)NessusFedora Local Security Checks
critical
120527Fedora 28 : 1:NetworkManager (2018-7243f31304)NessusFedora Local Security Checks
critical
120524Fedora 29 : 1:NetworkManager (2018-71d85bc8cd)NessusFedora Local Security Checks
critical
120295Fedora 28 : systemd (2018-24bd6c9d4a)NessusFedora Local Security Checks
critical
120157SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2018:3644-1)NessusSuSE Local Security Checks
critical
119664CentOS 7 : NetworkManager (CESA-2018:3665)NessusCentOS Local Security Checks
critical
119575SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-2)NessusSuSE Local Security Checks
critical
119249Scientific Linux Security Update : NetworkManager on SL7.x x86_64 (20181127)NessusScientific Linux Local Security Checks
critical
119248Oracle Linux 7 : NetworkManager (ELSA-2018-3665)NessusOracle Linux Local Security Checks
critical
119172RHEL 7 : NetworkManager (RHSA-2018:3665)NessusRed Hat Local Security Checks
critical
119039Debian DLA-1580-1 : systemd security updateNessusDebian Local Security Checks
critical
119028openSUSE Security Update : systemd (openSUSE-2018-1423)NessusSuSE Local Security Checks
critical
119009Fedora 27 : 1:NetworkManager (2018-fc3018b1bd)NessusFedora Local Security Checks
critical
118965SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-1)NessusSuSE Local Security Checks
critical
118878openSUSE Security Update : systemd (openSUSE-2018-1382)NessusSuSE Local Security Checks
critical
118751Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : network-manager vulnerability (USN-3807-1)NessusUbuntu Local Security Checks
critical
118750Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerability (USN-3806-1)NessusUbuntu Local Security Checks
critical
118510GLSA-201810-10 : systemd: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical