CVE-2019-11578
MEDIUMdhcpcd < 7.2.1 - Observable Discrepancy via Latency Attack
Title source: llmDescription
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://roy.marples.name/archives/dhcpcd-discuss/0002415.html
Patch, Third Party Advisory x_refsource_misc
https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
Third Party Advisory x_refsource_misc
https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
Patch, Third Party Advisory x_refsource_misc
https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108090
Scores
CVSS v3
5.9
EPSS
0.0203
EPSS Percentile
78.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-203
Status
published
Products (1)
dhcpcd_project/dhcpcd
< 7.2.1
Published
Apr 28, 2019
Tracked Since
Feb 18, 2026