PT-2019-5190 · Isc+5 · Bind+6
Giorgos Skafidas · Published 2018-07-14 · Updated 2026-01-30 · CVE-2019-6470
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
dhcpd versions prior to 4.4.1 when using BIND versions 9.11.2 or later
Description
The issue stems from bugs in the ISC BIND libraries that dhcpd uses when operating in DHCPv6 mode, together with a bug in dhcpd itself. These bugs can cause a crash, potentially leading to a denial of service. The probability of a crash is reported to be large, although it is unclear whether an attacker can manipulate it. The problem arises when dhcpd is used with specific versions of BIND: versions 9.11.2 or later, or versions with specific bug fixes backported to them.
Recommendations
For dhcpd versions prior to 4.4.1, update to version 4.4.1 or later to resolve the issue.
As a temporary workaround, consider restricting the use of dhcpd in DHCPv6 mode until a patch is available.
Operators are advised to consult their vendor documentation for specific guidance on updating or mitigating the vulnerability in their particular build of dhcpd.
Exploit
Fix
Improper Resource Release
Weakness Enumeration
Related Identifiers
Affected Products
Bind
Bind Server
Centos
Red Hat
Suse
Ubuntu
Dhcpd