CVE-2019-12257

HIGH

Wind River VxWorks <6.10 - Buffer Overflow

Title source: llm

Description

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

References (8)

Core 8

Core References

Issue Tracking, Vendor Advisory x_refsource_misc

https://support2.windriver.com/index.php?page=security-notices

Third Party Advisory x_refsource_confirm

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

Third Party Advisory x_refsource_confirm

https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20190802-0001/

Vendor Advisory x_refsource_confirm

https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Vendor Advisory x_refsource_confirm

https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12257

Third Party Advisory x_refsource_confirm

https://support.f5.com/csp/article/K41190253

Third Party Advisory x_refsource_confirm

https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Scores

CVSS v3 8.8

EPSS 0.1536

EPSS Percentile 94.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (14)

belden/garrettcom_magnum_dx940e_firmware < 1.0.1_y7

belden/hirschmann_hios < 07.0.07

netapp/e-series_santricity_os_controller 8.00 - 8.40.50.00

siemens/ruggedcom_win7000_firmware < bs5.2.461.17

siemens/ruggedcom_win7018_firmware < bs5.2.461.17

siemens/ruggedcom_win7025_firmware < bs5.2.461.17

siemens/ruggedcom_win7200_firmware < bs5.2.461.17

siemens/siprotec_5_firmware < 7.59

siemens/siprotec_5_firmware < 7.91

sonicwall/sonicos 6.2.7.0

... and 4 more

Published Aug 09, 2019

Tracked Since Feb 18, 2026