CVE-2019-11766
- Source
- https://cve.org/CVERecord?id=CVE-2019-11766
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11766.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-11766
- Downstream
- Published
- 2019-05-05T06:29:00.223Z
- Modified
- 2026-02-24T01:16:49.502154Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6OPTIONPD_EXCLUDE feature.
- References
-
- http://www.securityfocus.com/bid/108172
- https://bugs.debian.org/928440
- https://roy.marples.name/archives/dhcpcd-discuss/0002428.html
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=896ef4a54b0578985e5e1360b141593f1d62837b
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
- https://bugs.debian.org/928440
- https://roy.marples.name/archives/dhcpcd-discuss/0002428.html
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=896ef4a54b0578985e5e1360b141593f1d62837b
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
- https://bugs.debian.org/928440
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=896ef4a54b0578985e5e1360b141593f1d62837b
- https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
Affected packages
Git / github.com/rsmarples/dhcpcd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rsmarples/dhcpcd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
Affected versions
v7.*
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.5a
v7.0.5b
v7.0.6
v7.0.7
v7.0.8
v7.1.0
v7.1.1
v7.2.0
v7.2.1
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11766.json"
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/dhcp6.c"
},
"deprecated": false,
"source": "https://github.com/rsmarples/dhcpcd/commit/d30538898e39cc9a49ced4e67e91013d1d84a2c2",
"digest": {
"line_hashes": [
"128791362724316076833846390335608624616",
"276512548865701510008981561576257645523",
"164597777333323718200872289213334073819",
"37736796150810945481206810595216785099",
"43626031906383246725332989478497325814",
"12939491439161782283134484832739147034",
"56198155499831416563622155107367737444",
"278973541740820641167815533192217982337",
"231857893143996889906446267693147760429"
],
"threshold": 0.9
},
"id": "CVE-2019-11766-c5551729"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/dhcp6.c",
"function": "dhcp6_findpd"
},
"deprecated": false,
"source": "https://github.com/rsmarples/dhcpcd/commit/d30538898e39cc9a49ced4e67e91013d1d84a2c2",
"digest": {
"length": 3042.0,
"function_hash": "129949654370244262757538485416123606766"
},
"id": "CVE-2019-11766-f3315d34"
}
]