CVE-2018-15688

moderate-risk
Published 2018-10-26

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

Do I need to act?

-
0.73% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
ADJACENT_NETWORK / LOW complexity

Affected Products (11)

Affected Vendors

Debian Redhat Canonical Systemd Project

References (18)

Third Party Advisory http://www.securityfocus.com/bid/105745
Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0327
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3665
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0049
Patch https://github.com/systemd/systemd/pull/10518
Mailing List https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
Third Party Advisory https://security.gentoo.org/glsa/201810-10
Third Party Advisory https://usn.ubuntu.com/3806-1/
Third Party Advisory https://usn.ubuntu.com/3807-1/
Third Party Advisory http://www.securityfocus.com/bid/105745
Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0327
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3665
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0049
Patch https://github.com/systemd/systemd/pull/10518
Mailing List https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
Third Party Advisory https://security.gentoo.org/glsa/201810-10
Third Party Advisory https://usn.ubuntu.com/3806-1/
Third Party Advisory https://usn.ubuntu.com/3807-1/
45
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 2/34 · Minimal
Exposure 16/34 · Moderate