CVE-2018-15688

Published: 26 October 2018

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

Priority: Medium

CVSS 3 Severity Score: 8.8

Status

Package: systemd (Launchpad, Ubuntu, Debian)

Release: Status
upstream: Pending
trusty: Not vulnerable (code not present)
xenial: Released (229-4ubuntu21.6)
bionic: Released (237-3ubuntu10.4)
cosmic: Released (239-7ubuntu10.1)

Patches:
  upstream: https://github.com/systemd/systemd/pull/10518
  upstream: https://github.com/systemd/systemd/commit/4dac5eaba4e419b29c97da38a8b1f82336c2c892
  upstream: https://github.com/systemd/systemd/commit/5ec1fca41e5c5f31c7f6bfb42b113f0fb7dc1a87

Package: network-manager (Launchpad, Ubuntu, Debian)

Release: Status
upstream: Pending
trusty: Does not exist (trusty was not-affected [code not present])
xenial: Released (1.2.6-0ubuntu0.16.04.3)
bionic: Released (1.10.6-2ubuntu1.1)
cosmic: Released (1.12.4-1ubuntu1.1)

Patches:
  upstream: https://github.com/NetworkManager/NetworkManager/commit/01ca2053bbea09f35b958c8cc7631e15469acb79
  upstream: https://github.com/NetworkManager/NetworkManager/commit/ef7312a3ae3527e68738b2a7325aaae969fc7355



Severity score breakdown

Parameter: Value
Base score: 8.8
Attack vector: Adjacent
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity impact: High
Availability impact: High
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H