Description
An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 client component allows an unauthenticated remote attacker to cause an Out of Bounds Read, and possibly a Denial of Service via adjacent network access.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://treck.com/vulnerability-response-information/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210201-0003/
Scores
CVSS v3
5.9
EPSS
0.0015
EPSS Percentile
35.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
Details
CWE
CWE-125
CWE-20
Status
published
Products (1)
treck/ipv6
< 6.0.1.68
Published
Dec 22, 2020
Tracked Since
Feb 18, 2026