From fc583c5e6c3c3bbc2b5a4ff942c3a0569674af25 Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Mon, 2 Mar 2020 17:44:35 +0100
Subject: [PATCH] data for CVE-2019-18902, CVE-2019-18903
---
2019/18xxx/CVE-2019-18902.json | 141 +++++++++++++++++++++++++++++++++
2019/18xxx/CVE-2019-18903.json | 141 +++++++++++++++++++++++++++++++++
2 files changed, 282 insertions(+)
create mode 100644 2019/18xxx/CVE-2019-18902.json
create mode 100644 2019/18xxx/CVE-2019-18903.json
diff --git a/2019/18xxx/CVE-2019-18902.json b/2019/18xxx/CVE-2019-18902.json
new file mode 100644
index 00000000000..8c67d3d572c
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18902.json
@@ -0,0 +1,141 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security@suse.de",
+ "DATE_PUBLIC": "2020-01-30T00:00:00.000Z",
+ "ID": "CVE-2019-18902",
+ "STATE": "PUBLIC",
+ "TITLE": "wicked: Use-after-free when receiving invalid DHCP6 client options"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SUSE Linux Enterprise Server 12",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "wicked",
+ "version_value": "0.6.60-3.5.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SUSE Linux Enterprise Server 15",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "wicked",
+ "version_value": "0.6.60-3.21.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "SUSE"
+ },
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Leap 15.1",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "wicked",
+ "version_value": "0.6.60-lp151.2.6.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Factory",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "wicked",
+ "version_value": "0.6.62"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "openSUSE"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Malte Kraus"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution.\nThis issue affects:\nSUSE Linux Enterprise Server 12\nwicked versions prior to 0.6.60-3.5.1.\nSUSE Linux Enterprise Server 15\nwicked versions prior to 0.6.60-3.21.1.\nopenSUSE Leap 15.1\nwicked versions prior to 0.6.60-lp151.2.6.1.\nopenSUSE Factory\nwicked versions prior to 0.6.62."
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1160903",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160903"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1160903",
+ "defect": [
+ "1160903"
+ ],
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18903.json b/2019/18xxx/CVE-2019-18903.json
new file mode 100644
index 00000000000..b1b2af85406
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18903.json
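Review bot: In CVE-2019-18902.json the `description_data` value never mentions DHCPv6, although `TITLE` says the use-after-free occurs when receiving invalid DHCP6 client options. Most consumers index and display only the description, so the trigger from the title should be repeated there, for example by ending the first sentence with `... when receiving invalid DHCP6 client options.` The same sentence says `remote attackers` while the vector is `AV:A` (`"attackVector": "ADJACENT_NETWORK"`); wording such as `attackers on the adjacent network` would keep the text and the score consistent. CVE-2019-18903.json carries the identical description apart from the version numbers, so the two records cannot be told apart from their descriptions; the same change applies there using the IA_PD wording from its title.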
@@ -0,0 +1,141 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security@suse.de",
+ "DATE_PUBLIC": "2020-02-06T00:00:00.000Z",
+ "ID": "CVE-2019-18903",
+ "STATE": "PUBLIC",
+ "TITLE": "wicked: Use-after-free when receiving invalid DHCP6 IA_PD option"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SUSE Linux Enterprise Server 12",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "wicked",
+ "version_value": "0.6.60-2.18.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SUSE Linux Enterprise Server 15",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "wicked",
+ "version_value": "0.6.60-28.26.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "SUSE"
+ },
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Leap 15.1",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "wicked",
+ "version_value": "0.6.60-lp151.2.9.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Factory",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "wicked",
+ "version_value": " 0.6.62"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "openSUSE"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Malte Kraus"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution.\nThis issue affects:\nSUSE Linux Enterprise Server 12\nwicked versions prior to 0.6.60-2.18.1.\nSUSE Linux Enterprise Server 15\nwicked versions prior to 0.6.60-28.26.1.\nopenSUSE Leap 15.1\nwicked versions prior to 0.6.60-lp151.2.9.1.\nopenSUSE Factory\nwicked versions prior to 0.6.62."
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1160904",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160904"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1160904",
+ "defect": [
+ "1160904"
+ ],
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
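Review bot: The Factory entry in CVE-2019-18903.json has `"version_value": " 0.6.62"` with a leading space inside the string, whereas CVE-2019-18902.json and this record's own description text use `0.6.62`. Scanners that compare an installed wicked version against this field under `"version_affected": "<"` may fail to parse the padded value or order it incorrectly, so the fixed-in boundary for Factory could be misjudged; the line should read `"version_value": "0.6.62"`. Both new files also end without a trailing newline (`\ No newline at end of file`), which is worth fixing in the same pass.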