Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for wicked by SUSE

    CVE-2026-44932 (GCVE-0-2026-44932)

    Vulnerability from nvd – Published: 2026-06-16 15:26 – Updated: 2026-06-18 03:55
    VLAI
    Title
    indirect remote shell command injection via unsanitized DHCP options in wicked
    Summary
    Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    SUSE wicked Affected: 0 , < 0.6.79 (semver)
    Create a notification for this product.
    Date Public
    2026-06-10 15:15
    Credits
    Wolfgang Frisch using Claude Opus
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44932",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T03:55:34.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/openSUSE/wicked",
              "defaultStatus": "unaffected",
              "modules": [
                "dhcp handling"
              ],
              "packageName": "wicked",
              "product": "wicked",
              "repo": "https://github.com/openSUSE/wicked",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.6.79",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Frisch using Claude Opus"
            }
          ],
          "datePublic": "2026-06-10T15:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003ePassing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.\u003c/div\u003e"
                }
              ],
              "value": "Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T15:26:51.919Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1265221"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/openSUSE/wicked/releases/tag/version-0.6.79"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026688.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026689.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026690.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026691.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "indirect remote shell command injection via unsanitized DHCP options in wicked",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44932",
        "datePublished": "2026-06-16T15:26:51.919Z",
        "dateReserved": "2026-05-08T12:29:48.966Z",
        "dateUpdated": "2026-06-18T03:55:34.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44932 (GCVE-0-2026-44932)

    Vulnerability from cvelistv5 – Published: 2026-06-16 15:26 – Updated: 2026-06-18 03:55
    VLAI
    Title
    indirect remote shell command injection via unsanitized DHCP options in wicked
    Summary
    Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    SUSE wicked Affected: 0 , < 0.6.79 (semver)
    Create a notification for this product.
    Date Public
    2026-06-10 15:15
    Credits
    Wolfgang Frisch using Claude Opus
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44932",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T03:55:34.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/openSUSE/wicked",
              "defaultStatus": "unaffected",
              "modules": [
                "dhcp handling"
              ],
              "packageName": "wicked",
              "product": "wicked",
              "repo": "https://github.com/openSUSE/wicked",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.6.79",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Frisch using Claude Opus"
            }
          ],
          "datePublic": "2026-06-10T15:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003ePassing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.\u003c/div\u003e"
                }
              ],
              "value": "Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T15:26:51.919Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1265221"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/openSUSE/wicked/releases/tag/version-0.6.79"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026688.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026689.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026690.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026691.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "indirect remote shell command injection via unsanitized DHCP options in wicked",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44932",
        "datePublished": "2026-06-16T15:26:51.919Z",
        "dateReserved": "2026-05-08T12:29:48.966Z",
        "dateUpdated": "2026-06-18T03:55:34.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }