DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2019-18902

High

Low Medium High Critical

7.5

CVSS Score

Published: Mar 02, 2020

Last Modified: Nov 21, 2024

CWE: CWE-416

Vulnerability Description

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

3 configuration(s) from 2 vendor(s)

leap

Version:

15.1

CPE:

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

linux_enterprise_server

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*

linux_enterprise_server

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:*:*:*:*

This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

7.5

out of 10.0

High

Weakness Type (CWE)

CWE-416 Top 25 #12

Use After Free

Description: The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations…
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Variant