{"id":"CVE-2019-6963","details":"A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the \"Comment\" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.","modified":"2026-03-14T09:37:30.715108Z","published":"2019-06-20T14:15:11.173Z","references":[{"type":"ADVISORY","url":"https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rdkcmf/rdkb-ccsppandm","events":[{"introduced":"0"},{"last_affected":"8a7ae1ac0b29785bae165760e340c245f9d2d5e3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"rdkb-20181217-1"}]}}],"versions":["IMPORT_INITIAL","RDKB-20181114","RDKB-20181114-1","RDKB-20181115","RDKB-20181217","RDKB-20181217-1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6963.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}