Vulnerabilities related to isc - dhcp
CVE-2022-2928 (GCVE-0-2022-2928)
Vulnerability from cvelistv5
Published
2022-10-07 04:45
Modified
2024-09-17 00:21
Severity: 6.5 (MEDIUM) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
- When a DHCP server is configured with "allow leasequery;", a remote machine with access to the server can send lease queries for the same lease multiple times, causing the add_option() function to be called repeatedly. This could cause an option's refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. Affects ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1
Summary
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is no corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. Per the record's solutions and workarounds fields below, the patched releases are 4.4.3-P1 and 4.1-ESV-R16-P2, and the stated workaround is to disable lease query on the server for DHCPv4 or restart the server periodically.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-2928" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "4.4.0 through versions before 4.4.3-P1" }, { "status": "affected", "version": "4.1 ESV 4.1-ESV-R1 through versions before 4.1-ESV-R16-P1" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue." 
} ], "datePublic": "2022-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\u0027s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "A DHCP server configured with allow leasequery;, a remote machine with access to the server can send lease queries for the same lease multiple times, leading to the add_option() function being repeatedly called. This could cause an option\u0027s refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. 
Affects In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2022-2928" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads. 4.4.3-P1 4.1-ESV-R16-P2" } ], "source": { "discovery": "EXTERNAL" }, "title": "An option refcount overflow exists in dhcpd", "workarounds": [ { "lang": "en", "value": "Disable lease query on the server for DHCPv4 or restart the server periodically." 
} ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-2928", "datePublished": "2022-10-07T04:45:11.751554Z", "dateReserved": "2022-08-22T00:00:00", "dateUpdated": "2024-09-17T00:21:40.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1893 (GCVE-0-2009-1893)
Vulnerability from cvelistv5
Published
2009-07-17 16:00
Modified
2024-08-07 05:27
CWE
- n/a
Summary
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.829Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1022554", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1022554" }, { "name": "oval:org.mitre.oval:def:11597", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597" }, { "name": "oval:org.mitre.oval:def:6440", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440" }, { "name": "dhcp-dhcpdt-symlink(51718)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718" }, { "name": "35670", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35670" }, { "name": "35831", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35831" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024" }, { "name": "RHSA-2009:1154", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the \"dhcpd -t\" command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1022554", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1022554" }, { "name": "oval:org.mitre.oval:def:11597", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597" }, { "name": "oval:org.mitre.oval:def:6440", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440" }, { "name": "dhcp-dhcpdt-symlink(51718)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718" }, { "name": "35670", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35670" }, { "name": "35831", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35831" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024" }, { "name": "RHSA-2009:1154", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1893", "datePublished": "2009-07-17T16:00:00", "dateReserved": "2009-06-02T00:00:00", "dateUpdated": "2024-08-07T05:27:54.829Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-5732 (GCVE-0-2018-5732)
Vulnerability from cvelistv5
Published
2019-10-09 14:17
Modified
2024-09-16 18:19
Severity: 7.5 (HIGH) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
- Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur.
Summary
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Per the record's solutions field below, the patched releases are DHCP 4.1-ESV-R15-P1, 4.3.6-P1 and 4.4.1 (or later).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01565" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability." } ], "datePublic": "2018-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. 
Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T14:17:14", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01565" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e= DHCP 4.1-ESV-R15-P1\n \u003e= DHCP 4.3.6-P1\n \u003e= DHCP 4.4.1" } ], "source": { "discovery": "EXTERNAL" }, "title": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2018-02-28T00:00:00.000Z", "ID": "CVE-2018-5732", "STATE": "PUBLIC", "TITLE": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISC DHCP", "version": { "version_data": [ { "version_name": "ISC DHCP", "version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ] } } ] }, "vendor_name": "ISC" } ] } }, "credit": [ { "lang": "eng", "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability." 
} ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur." } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.isc.org/docs/aa-01565", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01565" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of DHCP. 
ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e= DHCP 4.1-ESV-R15-P1\n \u003e= DHCP 4.3.6-P1\n \u003e= DHCP 4.4.1" } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2018-5732", "datePublished": "2019-10-09T14:17:14.251822Z", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-09-16T18:19:36.136Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3955 (GCVE-0-2012-3955)
Vulnerability from cvelistv5
Published
2012-09-14 10:00
Modified
2024-08-06 20:21
CWE
- n/a
Summary
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:21:04.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2012-14149", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html" }, { "name": "openSUSE-SU-2012:1252", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html" }, { "name": "USN-1571-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1571-1" }, { "name": "openSUSE-SU-2012:1234", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html" }, { "name": "DSA-2551", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2551" }, { "name": "51318", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51318" }, { "name": "MDVSA-2012:153", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153" }, { "name": "FEDORA-2012-13910", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html" }, { "name": "55530", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55530" }, { "name": "FEDORA-2012-14076", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html" }, { "name": "RHSA-2013:0504", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2013-0504.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of" }, { "name": "openSUSE-SU-2012:1254", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-00779" }, { "name": "1027528", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027528" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2012-14149", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html" }, { "name": "openSUSE-SU-2012:1252", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html" }, { "name": "USN-1571-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1571-1" }, { "name": "openSUSE-SU-2012:1234", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html" }, { "name": "DSA-2551", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2551" }, { "name": "51318", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51318" }, { "name": "MDVSA-2012:153", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153" }, { "name": "FEDORA-2012-13910", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html" }, { "name": "55530", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55530" }, { "name": "FEDORA-2012-14076", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html" }, { "name": "RHSA-2013:0504", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of" }, { "name": "openSUSE-SU-2012:1254", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-00779" }, { "name": "1027528", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027528" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3955", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2012-14149", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html" }, { "name": "openSUSE-SU-2012:1252", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html" }, { "name": "USN-1571-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1571-1" }, { "name": "openSUSE-SU-2012:1234", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html" }, { "name": "DSA-2551", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2551" }, { "name": "51318", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51318" }, { "name": "MDVSA-2012:153", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153" }, { "name": "FEDORA-2012-13910", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html" }, { "name": "55530", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55530" }, { "name": "FEDORA-2012-14076", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html" }, { "name": "RHSA-2013:0504", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html" }, { "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of" }, { "name": "openSUSE-SU-2012:1254", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html" }, { "name": "GLSA-201301-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "https://kb.isc.org/article/AA-00779", "refsource": "CONFIRM", "url": 
"https://kb.isc.org/article/AA-00779" }, { "name": "1027528", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027528" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3955", "datePublished": "2012-09-14T10:00:00", "dateReserved": "2012-07-11T00:00:00", "dateUpdated": "2024-08-06T20:21:04.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8605 (GCVE-0-2015-8605)
Vulnerability from cvelistv5
Published
2016-01-14 22:00
Modified
2024-08-06 08:20
CWE
- n/a
Summary
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034657", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034657" }, { "name": "openSUSE-SU-2016:0610", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-01334" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "name": "FEDORA-2016-0c5bb21bf1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html" }, { "name": "DSA-3442", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3442" }, { "name": "USN-2868-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2868-1" }, { "name": "FEDORA-2016-adb533a418", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "80703", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/80703" }, { "name": "openSUSE-SU-2016:0601", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1034657", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034657" }, { "name": "openSUSE-SU-2016:0610", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-01334" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "name": "FEDORA-2016-0c5bb21bf1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html" }, { "name": "DSA-3442", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3442" }, { "name": "USN-2868-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2868-1" }, { "name": "FEDORA-2016-adb533a418", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "80703", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/80703" }, { "name": "openSUSE-SU-2016:0601", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8605", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034657", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034657" }, { "name": "openSUSE-SU-2016:0610", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html" }, { "name": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/", "refsource": "CONFIRM", "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "name": "https://kb.isc.org/article/AA-01334", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-01334" }, { "name": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", "refsource": "CONFIRM", "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "name": "FEDORA-2016-0c5bb21bf1", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html" }, { "name": "DSA-3442", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3442" }, { "name": "USN-2868-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2868-1" }, { "name": "FEDORA-2016-adb533a418", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "80703", "refsource": "BID", "url": "http://www.securityfocus.com/bid/80703" }, { "name": "openSUSE-SU-2016:0601", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8605", "datePublished": "2016-01-14T22:00:00", "dateReserved": 
"2015-12-17T00:00:00", "dateUpdated": "2024-08-06T08:20:43.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2748 (GCVE-0-2011-2748)
Vulnerability from cvelistv5
Published
2011-08-15 21:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
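The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet. (The record's structured "affected" field lists product, vendor and version as "n/a"; the affected versions appear only in this description, so match on the description text rather than the structured field.)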
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.745Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1190-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1190-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://redmine.pfsense.org/issues/1888" }, { "name": "FEDORA-2011-10705", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" }, { "name": "45595", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45595" }, { "name": "openSUSE-SU-2011:1021", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" }, { "name": "DSA-2292", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2292" }, { "name": "RHSA-2011:1160", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" }, { "name": "1025918", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025918" }, { "name": "45817", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45817" }, { "name": "49120", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49120" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" }, { "name": "isc-dhcp-packet-dos(69139)", "tags": [ "vdb-entry", 
"x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69139" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "45582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45582" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff" }, { "name": "45918", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45918" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" }, { "name": "45639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45639" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" }, { "name": "45629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45629" }, { "name": "SUSE-SU-2011:1023", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/11695711" }, { "name": "MDVSA-2011:128", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" }, { "name": "46780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46780" } ], "title": "CVE Program Container" } ], 
"cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-1190-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1190-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://redmine.pfsense.org/issues/1888" }, { "name": "FEDORA-2011-10705", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" }, { "name": "45595", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45595" }, { "name": "openSUSE-SU-2011:1021", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" }, { "name": "DSA-2292", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2292" }, { "name": "RHSA-2011:1160", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" }, { "name": "1025918", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025918" }, { "name": "45817", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45817" }, { "name": "49120", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49120" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" }, { "name": "isc-dhcp-packet-dos(69139)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69139" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "45582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45582" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff" }, { "name": "45918", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45918" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" }, { "name": "45639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45639" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" }, { "name": "45629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45629" }, { "name": "SUSE-SU-2011:1023", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/11695711" }, { "name": "MDVSA-2011:128", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" }, { "name": "46780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46780" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2748", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1190-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1190-1" }, { "name": "http://redmine.pfsense.org/issues/1888", "refsource": "CONFIRM", "url": "http://redmine.pfsense.org/issues/1888" }, { "name": "FEDORA-2011-10705", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" }, { "name": "45595", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45595" }, { "name": "openSUSE-SU-2011:1021", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" }, { "name": "DSA-2292", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2292" }, { "name": "RHSA-2011:1160", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" }, { "name": "1025918", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025918" }, { "name": "45817", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45817" }, { "name": "49120", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49120" }, { "name": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html", "refsource": "CONFIRM", "url": 
"http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" }, { "name": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html", "refsource": "CONFIRM", "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" }, { "name": "isc-dhcp-packet-dos(69139)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69139" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "45582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45582" }, { "name": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff" }, { "name": "45918", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45918" }, { "name": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748", "refsource": "CONFIRM", "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" }, { "name": "GLSA-201301-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html", "refsource": "CONFIRM", "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" }, { "name": "45639", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45639" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=729382", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" }, { "name": "45629", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45629" }, { "name": "SUSE-SU-2011:1023", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/11695711" }, { "name": "MDVSA-2011:128", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" }, { "name": "46780", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/46780" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2748", "datePublished": "2011-08-15T21:00:00", "dateReserved": "2011-07-14T00:00:00", "dateUpdated": "2024-08-06T23:08:23.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-0692 (GCVE-0-2009-0692)
Vulnerability from cvelistv5
Published
2009-07-14 20:16
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
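Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. (The record's structured "affected" field lists product, vendor and version as "n/a"; the affected versions appear only in this description, so match on the description text rather than the structured field.)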
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:48:51.347Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-1891", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1891" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.isc.org/node/468" }, { "name": "35830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35830" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717" }, { "name": "35832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35832" }, { "name": "SSRT100018", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" }, { "name": "35850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35850" }, { "name": "35785", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35785" }, { "name": "VU#410676", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/410676" }, { "name": "35880", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35880" }, { "name": "SUSE-SA:2009:037", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html" }, { "name": "HPSBMA02554", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" }, { "name": "FEDORA-2009-9075", "tags": [ "vendor-advisory", 
"x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" }, { "name": "40551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40551" }, { "name": "55819", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/55819" }, { "name": "35668", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35668" }, { "name": "DSA-1833", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1833" }, { "name": "GLSA-200907-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200907-12.xml" }, { "name": "MDVSA-2009:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151" }, { "name": "RHSA-2009:1136", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html" }, { "name": "35831", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35831" }, { "name": "35829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35829" }, { "name": "ADV-2010-1796", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1796" }, { "name": "35841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35841" }, { "name": "oval:org.mitre.oval:def:5941", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941" }, { "name": 
"oval:org.mitre.oval:def:10758", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758" }, { "name": "USN-803-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-803-1" }, { "name": "NetBSD-SA2009-010", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.isc.org/downloadables/12" }, { "name": "RHSA-2009:1154", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html" }, { "name": "37342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37342" }, { "name": "35851", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35851" }, { "name": "35849", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35849" }, { "name": "SSA:2009-195-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561471" }, { "name": "1022548", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022548" }, { "name": "36457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36457" }, { "name": "FEDORA-2009-8344", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" } ], "title": "CVE Program Container" } ], "cna": { 
"affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "ADV-2009-1891", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1891" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.isc.org/node/468" }, { "name": "35830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35830" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717" }, { "name": "35832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35832" }, { "name": "SSRT100018", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" }, { "name": "35850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35850" }, { "name": "35785", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35785" }, { "name": "VU#410676", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/410676" }, { "name": "35880", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35880" }, { "name": "SUSE-SA:2009:037", "tags": [ 
"vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html" }, { "name": "HPSBMA02554", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" }, { "name": "FEDORA-2009-9075", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" }, { "name": "40551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40551" }, { "name": "55819", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/55819" }, { "name": "35668", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35668" }, { "name": "DSA-1833", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1833" }, { "name": "GLSA-200907-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200907-12.xml" }, { "name": "MDVSA-2009:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151" }, { "name": "RHSA-2009:1136", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html" }, { "name": "35831", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35831" }, { "name": "35829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35829" }, { "name": "ADV-2010-1796", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1796" }, { "name": "35841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35841" }, { "name": "oval:org.mitre.oval:def:5941", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" 
], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941" }, { "name": "oval:org.mitre.oval:def:10758", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758" }, { "name": "USN-803-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-803-1" }, { "name": "NetBSD-SA2009-010", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.isc.org/downloadables/12" }, { "name": "RHSA-2009:1154", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html" }, { "name": "37342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37342" }, { "name": "35851", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35851" }, { "name": "35849", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35849" }, { "name": "SSA:2009-195-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561471" }, { "name": "1022548", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022548" }, { "name": "36457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36457" }, { "name": "FEDORA-2009-8344", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2009-0692", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-1891", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1891" }, { "name": "https://www.isc.org/node/468", "refsource": "CONFIRM", "url": "https://www.isc.org/node/468" }, { "name": "35830", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35830" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=507717", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717" }, { "name": "35832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35832" }, { "name": "SSRT100018", "refsource": "HP", "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" }, { "name": "35850", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35850" }, { "name": "35785", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35785" }, { "name": "VU#410676", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/410676" }, { "name": "35880", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35880" }, { "name": "SUSE-SA:2009:037", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html" }, { "name": "HPSBMA02554", "refsource": "HP", "url": 
"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" }, { "name": "FEDORA-2009-9075", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" }, { "name": "40551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40551" }, { "name": "55819", "refsource": "OSVDB", "url": "http://www.osvdb.org/55819" }, { "name": "35668", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35668" }, { "name": "DSA-1833", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1833" }, { "name": "GLSA-200907-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200907-12.xml" }, { "name": "MDVSA-2009:151", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151" }, { "name": "RHSA-2009:1136", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html" }, { "name": "35831", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35831" }, { "name": "35829", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35829" }, { "name": "ADV-2010-1796", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1796" }, { "name": "35841", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35841" }, { "name": "oval:org.mitre.oval:def:5941", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941" }, { "name": "oval:org.mitre.oval:def:10758", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758" }, { "name": "USN-803-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-803-1" }, { "name": "NetBSD-SA2009-010", "refsource": "NETBSD", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc" }, { "name": "https://www.isc.org/downloadables/12", "refsource": "CONFIRM", "url": 
"https://www.isc.org/downloadables/12" }, { "name": "RHSA-2009:1154", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html" }, { "name": "37342", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37342" }, { "name": "35851", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35851" }, { "name": "35849", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35849" }, { "name": "SSA:2009-195-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561471" }, { "name": "1022548", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022548" }, { "name": "36457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36457" }, { "name": "FEDORA-2009-8344", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2009-0692", "datePublished": "2009-07-14T20:16:00", "dateReserved": "2009-02-22T00:00:00", "dateUpdated": "2024-08-07T04:48:51.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3616 (GCVE-0-2010-3616)
Vulnerability from cvelistv5
Published
2010-12-17 18:00
Modified
2024-08-07 03:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2010-18856", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html" }, { "name": "42618", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42618" }, { "name": "ADV-2010-3208", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3208" }, { "name": "ADV-2011-0052", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0052" }, { "name": "[dhcp-users] 20101207 nagios check_tcp kills failover, then dhcp failure.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616" }, { "name": "VU#159528", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/159528" }, { "name": "1024862", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024862" }, { "name": "MDVSA-2011:001", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:001" }, { "name": "45360", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45360" }, { "name": "42682", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42682" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": 
"n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-01-11T10:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "FEDORA-2010-18856", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html" }, { "name": "42618", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42618" }, { "name": "ADV-2010-3208", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3208" }, { "name": "ADV-2011-0052", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0052" }, { "name": "[dhcp-users] 20101207 nagios check_tcp kills failover, then dhcp failure.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616" }, { "name": "VU#159528", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/159528" }, { "name": "1024862", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024862" }, { "name": "MDVSA-2011:001", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" 
], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:001" }, { "name": "45360", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45360" }, { "name": "42682", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42682" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2010-3616", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2010-18856", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html" }, { "name": "42618", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42618" }, { "name": "ADV-2010-3208", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3208" }, { "name": "ADV-2011-0052", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0052" }, { "name": "[dhcp-users] 20101207 nagios check_tcp kills failover, then dhcp failure.", "refsource": "MLIST", "url": "https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html" }, { "name": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616", "refsource": "CONFIRM", "url": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616" }, { "name": "VU#159528", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/159528" }, { "name": "1024862", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024862" }, { "name": "MDVSA-2011:001", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:001" }, { "name": "45360", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45360" }, { "name": "42682", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42682" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2010-3616", "datePublished": "2010-12-17T18:00:00", "dateReserved": "2010-09-27T00:00:00", "dateUpdated": "2024-08-07T03:18:52.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-3144 (GCVE-0-2017-3144)
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-16 22:46
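Severity: 5.3 MEDIUM (CVSS 3.0 base score, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, as given in the record's metrics below)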
VLAI Severity ?
EPSS score ?
CWE
- By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server. Once exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.
Summary
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:0158", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0158" }, { "name": "DSA-4133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "102726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102726" }, { "name": "1040194", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040194" }, { "name": "USN-3586-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01541" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." } ] } ], "datePublic": "2018-01-16T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-17T10:57:01", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "RHSA-2018:0158", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0158" }, { "name": "DSA-4133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "102726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102726" }, { "name": "1040194", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040194" }, { "name": "USN-3586-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01541" } ], "source": { "discovery": "UNKNOWN" }, "title": "Failure to properly clean up closed OMAPI connections can 
exhaust available sockets", "workarounds": [ { "lang": "en", "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2018-01-16T00:00:00.000Z", "ID": "CVE-2017-3144", "STATE": "PUBLIC", "TITLE": "Failure to properly clean up closed OMAPI connections can exhaust available sockets" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISC DHCP", "version": { "version_data": [ { "version_name": "ISC DHCP", "version_value": "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." } ] } } ] }, "vendor_name": "ISC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:0158", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0158" }, { "name": "DSA-4133", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "102726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102726" }, { "name": "1040194", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040194" }, { "name": "USN-3586-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "https://kb.isc.org/docs/aa-01541", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01541" } ] }, "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)." 
} ] } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2017-3144", "datePublished": "2019-01-16T20:00:00Z", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-09-16T22:46:13.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3954 (GCVE-0-2012-3954)
Vulnerability from cvelistv5
Published
2012-07-25 10:00
Modified
2024-08-06 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:21:04.079Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1027300", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027300" }, { "name": "DSA-2516", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2516" }, { "name": "RHSA-2012:1141", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" }, { "name": "MDVSA-2012:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" }, { "name": "openSUSE-SU-2012:1006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "name": "MDVSA-2012:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "name": "DSA-2519", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "name": "USN-1519-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1519-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-00737" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "54665", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54665" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": 
"n/a" } ] } ], "datePublic": "2012-07-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1027300", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027300" }, { "name": "DSA-2516", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2516" }, { "name": "RHSA-2012:1141", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" }, { "name": "MDVSA-2012:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" }, { "name": "openSUSE-SU-2012:1006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "name": "MDVSA-2012:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "name": "DSA-2519", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "name": "USN-1519-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1519-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-00737" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "54665", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": 
"http://www.securityfocus.com/bid/54665" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3954", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1027300", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027300" }, { "name": "DSA-2516", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2516" }, { "name": "RHSA-2012:1141", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" }, { "name": "MDVSA-2012:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" }, { "name": "openSUSE-SU-2012:1006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "name": "MDVSA-2012:115", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "name": "DSA-2519", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2519" }, { "name": "USN-1519-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1519-1" }, { "name": "https://kb.isc.org/article/AA-00737", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-00737" }, { "name": "GLSA-201301-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "54665", 
"refsource": "BID", "url": "http://www.securityfocus.com/bid/54665" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3954", "datePublished": "2012-07-25T10:00:00", "dateReserved": "2012-07-11T00:00:00", "dateUpdated": "2024-08-06T20:21:04.079Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2494 (GCVE-0-2013-2494)
Vulnerability from cvelistv5
Published
2013-03-28 16:00
Modified
2024-09-16 19:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:31.973Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-00880/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-28T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-00880/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2494", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.isc.org/article/AA-00880/", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-00880/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2494", "datePublished": "2013-03-28T16:00:00Z", "dateReserved": "2013-03-07T00:00:00Z", "dateUpdated": "2024-09-16T19:52:30.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0997 (GCVE-0-2011-0997)
Vulnerability from cvelistv5
Published
2011-04-08 15:00
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:27.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "47176", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47176" }, { "name": "ADV-2011-0886", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0886" }, { "name": "44103", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44103" }, { "name": "RHSA-2011:0840", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html" }, { "name": "44037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44037" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832" }, { "name": "ADV-2011-0926", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0926" }, { "name": "HPSBMU02752", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "44127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44127" }, { "name": "MDVSA-2011:073", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073" }, { "name": "SSRT100802", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "ADV-2011-0909", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0909" }, { "name": 
"oval:org.mitre.oval:def:12812", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812" }, { "name": "71493", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/71493" }, { "name": "44090", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44090" }, { "name": "44048", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44048" }, { "name": "FEDORA-2011-4934", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997" }, { "name": "iscdhcp-dhclient-command-execution(66580)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580" }, { "name": "ADV-2011-0879", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0879" }, { "name": "VU#107886", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/107886" }, { "name": "1025300", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025300" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "SSA:2011-097-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345" }, { "name": "ADV-2011-1000", "tags": [ "vdb-entry", "x_refsource_VUPEN", 
"x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1000" }, { "name": "ADV-2011-0915", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0915" }, { "name": "ADV-2011-0965", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0965" }, { "name": "37623", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/37623/" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "44180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44180" }, { "name": "DSA-2217", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2217" }, { "name": "USN-1108-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1108-1" }, { "name": "DSA-2216", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2216" }, { "name": "FEDORA-2011-4897", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html" }, { "name": "RHSA-2011:0428", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html" }, { "name": "44089", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44089" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-05T00:00:00", "descriptions": [ { 
"lang": "en", "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "47176", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47176" }, { "name": "ADV-2011-0886", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0886" }, { "name": "44103", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44103" }, { "name": "RHSA-2011:0840", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html" }, { "name": "44037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44037" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832" }, { "name": "ADV-2011-0926", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0926" }, { "name": "HPSBMU02752", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "44127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44127" }, { "name": "MDVSA-2011:073", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073" }, { "name": "SSRT100802", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": 
"http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "ADV-2011-0909", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0909" }, { "name": "oval:org.mitre.oval:def:12812", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812" }, { "name": "71493", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/71493" }, { "name": "44090", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44090" }, { "name": "44048", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44048" }, { "name": "FEDORA-2011-4934", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997" }, { "name": "iscdhcp-dhclient-command-execution(66580)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580" }, { "name": "ADV-2011-0879", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0879" }, { "name": "VU#107886", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/107886" }, { "name": "1025300", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025300" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "SSA:2011-097-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345" }, { "name": "ADV-2011-1000", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], 
"url": "http://www.vupen.com/english/advisories/2011/1000" }, { "name": "ADV-2011-0915", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0915" }, { "name": "ADV-2011-0965", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0965" }, { "name": "37623", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/37623/" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "44180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44180" }, { "name": "DSA-2217", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2217" }, { "name": "USN-1108-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1108-1" }, { "name": "DSA-2216", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2216" }, { "name": "FEDORA-2011-4897", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html" }, { "name": "RHSA-2011:0428", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html" }, { "name": "44089", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44089" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0997", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": 
"eng", "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "47176", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47176" }, { "name": "ADV-2011-0886", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0886" }, { "name": "44103", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44103" }, { "name": "RHSA-2011:0840", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html" }, { "name": "44037", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44037" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=689832", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832" }, { "name": "ADV-2011-0926", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0926" }, { "name": "HPSBMU02752", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "44127", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44127" }, { "name": "MDVSA-2011:073", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073" }, { "name": "SSRT100802", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "ADV-2011-0909", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0909" }, { "name": "oval:org.mitre.oval:def:12812", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812" }, { "name": "71493", "refsource": 
"OSVDB", "url": "http://www.osvdb.org/71493" }, { "name": "44090", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44090" }, { "name": "44048", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44048" }, { "name": "FEDORA-2011-4934", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html" }, { "name": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997", "refsource": "CONFIRM", "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997" }, { "name": "iscdhcp-dhclient-command-execution(66580)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580" }, { "name": "ADV-2011-0879", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0879" }, { "name": "VU#107886", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/107886" }, { "name": "1025300", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025300" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "SSA:2011-097-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345" }, { "name": "ADV-2011-1000", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1000" }, { "name": "ADV-2011-0915", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0915" }, { "name": "ADV-2011-0965", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0965" }, { "name": "37623", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/37623/" }, { "name": "GLSA-201301-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "44180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44180" }, { 
"name": "DSA-2217", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2217" }, { "name": "USN-1108-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1108-1" }, { "name": "DSA-2216", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2216" }, { "name": "FEDORA-2011-4897", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html" }, { "name": "RHSA-2011:0428", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html" }, { "name": "44089", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44089" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0997", "datePublished": "2011-04-08T15:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:27.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3570 (GCVE-0-2012-3570)
Vulnerability from cvelistv5
Published
2012-07-25 10:00
Modified
2024-08-06 20:13
CWE
- n/a
Summary
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:13:50.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2012:1006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "name": "MDVSA-2012:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-00714" }, { "name": "54665", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54665" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2012:1006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "name": "MDVSA-2012:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-00714" }, { "name": "54665", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54665" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3570", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2012:1006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "name": "MDVSA-2012:115", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "name": "GLSA-201301-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "https://kb.isc.org/article/AA-00714", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-00714" }, { "name": "54665", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54665" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3570", "datePublished": "2012-07-25T10:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:13:50.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4868 (GCVE-0-2011-4868)
Vulnerability from cvelistv5
Published
2012-01-15 02:00
Modified
2024-08-07 00:16
CWE
- n/a
Summary
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:35.122Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-00705" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://deepthought.isc.org/article/AA-00595" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-00705" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://deepthought.isc.org/article/AA-00595" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4868", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.isc.org/article/AA-00705", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-00705" }, { "name": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868", "refsource": "CONFIRM", "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868" }, { "name": "https://deepthought.isc.org/article/AA-00595", "refsource": "CONFIRM", "url": "https://deepthought.isc.org/article/AA-00595" }, { "name": "GLSA-201301-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4868", "datePublished": "2012-01-15T02:00:00", "dateReserved": "2011-12-19T00:00:00", "dateUpdated": "2024-08-07T00:16:35.122Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2749 (GCVE-0-2011-2749)
Vulnerability from cvelistv5
Published
2011-08-15 21:00
Modified
2024-08-06 23:08
CWE
- n/a
Summary
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1190-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1190-1" }, { "name": "FEDORA-2011-10705", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" }, { "name": "45595", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45595" }, { "name": "openSUSE-SU-2011:1021", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" }, { "name": "DSA-2292", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2292" }, { "name": "RHSA-2011:1160", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" }, { "name": "1025918", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025918" }, { "name": "45817", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45817" }, { "name": "49120", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49120" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "45582", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45582" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff" }, { "name": "45918", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45918" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" }, { "name": "45639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45639" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" }, { "name": "45629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45629" }, { "name": "SUSE-SU-2011:1023", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/11695711" }, { "name": "MDVSA-2011:128", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" }, { "name": "46780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46780" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 
3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-1190-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1190-1" }, { "name": "FEDORA-2011-10705", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" }, { "name": "45595", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45595" }, { "name": "openSUSE-SU-2011:1021", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" }, { "name": "DSA-2292", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2292" }, { "name": "RHSA-2011:1160", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" }, { "name": "1025918", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025918" }, { "name": "45817", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45817" }, { "name": "49120", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49120" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "45582", "tags": 
[ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45582" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff" }, { "name": "45918", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45918" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" }, { "name": "45639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45639" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" }, { "name": "45629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45629" }, { "name": "SUSE-SU-2011:1023", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/11695711" }, { "name": "MDVSA-2011:128", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" }, { "name": "46780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46780" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2749", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 
3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1190-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1190-1" }, { "name": "FEDORA-2011-10705", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" }, { "name": "45595", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45595" }, { "name": "openSUSE-SU-2011:1021", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" }, { "name": "DSA-2292", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2292" }, { "name": "RHSA-2011:1160", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" }, { "name": "1025918", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025918" }, { "name": "45817", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45817" }, { "name": "49120", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49120" }, { "name": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html", "refsource": "CONFIRM", "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" }, { "name": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html", "refsource": "CONFIRM", "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "45582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45582" }, { "name": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff", "refsource": "CONFIRM", "url": 
"https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff" }, { "name": "45918", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45918" }, { "name": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748", "refsource": "CONFIRM", "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" }, { "name": "GLSA-201301-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html", "refsource": "CONFIRM", "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" }, { "name": "45639", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45639" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=729382", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" }, { "name": "45629", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45629" }, { "name": "SUSE-SU-2011:1023", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/11695711" }, { "name": "MDVSA-2011:128", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" }, { "name": "46780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46780" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2749", "datePublished": "2011-08-15T21:00:00", "dateReserved": "2011-07-14T00:00:00", "dateUpdated": "2024-08-06T23:08:23.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0413 (GCVE-0-2011-0413)
Vulnerability from cvelistv5
Published
2011-01-31 20:00
Modified
2024-08-06 21:51
CWE
- n/a
Summary
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:51:09.081Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-0266", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0266" }, { "name": "43006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43006" }, { "name": "ADV-2011-0235", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0235" }, { "name": "43354", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43354" }, { "name": "dhcp-dhcpv6-dos(64959)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959" }, { "name": "70680", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/70680" }, { "name": "43104", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43104" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-00456" }, { "name": "MDVSA-2011:022", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022" }, { "name": "ADV-2011-0583", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0583" }, { "name": "ADV-2011-0300", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0300" }, { "name": "43613", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43613" }, { "name": "1024999", "tags": [ "vdb-entry", "x_refsource_SECTRACK", 
"x_transferred" ], "url": "http://securitytracker.com/id?1024999" }, { "name": "43167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43167" }, { "name": "RHSA-2011:0256", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html" }, { "name": "46035", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46035" }, { "name": "FEDORA-2011-0862", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413" }, { "name": "ADV-2011-0400", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0400" }, { "name": "DSA-2184", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2184" }, { "name": "VU#686084", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/686084" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "ADV-2011-0266", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0266" }, { "name": "43006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43006" }, { "name": "ADV-2011-0235", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0235" }, { "name": "43354", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43354" }, { "name": "dhcp-dhcpv6-dos(64959)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959" }, { "name": "70680", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/70680" }, { "name": "43104", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43104" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-00456" }, { "name": "MDVSA-2011:022", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022" }, { "name": "ADV-2011-0583", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0583" }, { "name": "ADV-2011-0300", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0300" }, { "name": "43613", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43613" }, { "name": "1024999", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1024999" }, { "name": "43167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/43167" }, { "name": "RHSA-2011:0256", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html" }, { "name": "46035", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46035" }, { "name": "FEDORA-2011-0862", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413" }, { "name": "ADV-2011-0400", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0400" }, { "name": "DSA-2184", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2184" }, { "name": "VU#686084", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/686084" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-0413", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-0266", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0266" }, { "name": "43006", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43006" }, { "name": "ADV-2011-0235", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0235" }, { "name": "43354", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43354" }, { "name": "dhcp-dhcpv6-dos(64959)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959" }, { "name": "70680", "refsource": "OSVDB", "url": "http://www.osvdb.org/70680" }, { "name": "43104", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43104" }, { "name": "https://kb.isc.org/article/AA-00456", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-00456" }, { "name": "MDVSA-2011:022", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022" }, { "name": "ADV-2011-0583", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0583" }, { "name": "ADV-2011-0300", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0300" }, { "name": "43613", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43613" }, { "name": "1024999", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024999" }, { "name": "43167", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43167" }, { "name": "RHSA-2011:0256", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html" }, { "name": "46035", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46035" }, { "name": "FEDORA-2011-0862", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html" }, { "name": 
"http://www.isc.org/software/dhcp/advisories/cve-2011-0413", "refsource": "CONFIRM", "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413" }, { "name": "ADV-2011-0400", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0400" }, { "name": "DSA-2184", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2184" }, { "name": "VU#686084", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/686084" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-0413", "datePublished": "2011-01-31T20:00:00", "dateReserved": "2011-01-11T00:00:00", "dateUpdated": "2024-08-06T21:51:09.081Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-5733 (GCVE-0-2018-5733)
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2025-04-25 23:02
CWE
- Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients.
Summary
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-04-25T23:02:52.084Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01567" }, { "name": "RHSA-2018:0469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0469" }, { "name": "DSA-4133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "USN-3586-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3586-2/" }, { "name": "RHSA-2018:0483", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0483" }, { "name": "USN-3586-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "103188", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103188" }, { "name": "1040437", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040437" }, { "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html" }, { "url": "https://security.netapp.com/advisory/ntap-20250425-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability." 
} ], "datePublic": "2018-02-28T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-17T10:57:01.000Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01567" }, { "name": "RHSA-2018:0469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0469" }, { "name": "DSA-4133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "USN-3586-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3586-2/" }, { "name": "RHSA-2018:0483", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0483" }, { "name": "USN-3586-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "103188", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": 
"http://www.securityfocus.com/bid/103188" }, { "name": "1040437", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040437" }, { "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n DHCP 4.1-ESV-R15-P1\n DHCP 4.3.6-P1\n DHCP 4.4.1" } ], "source": { "discovery": "EXTERNAL" }, "title": "A malicious client can overflow a reference counter in ISC dhcpd", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2018-02-28T00:00:00.000Z", "ID": "CVE-2018-5733", "STATE": "PUBLIC", "TITLE": "A malicious client can overflow a reference counter in ISC dhcpd" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISC DHCP", "version": { "version_data": [ { "version_name": "ISC DHCP", "version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ] } } ] }, "vendor_name": "ISC" } ] } }, "credit": [ { "lang": "eng", "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0." 
} ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients." } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.isc.org/docs/aa-01567", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01567" }, { "name": "RHSA-2018:0469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0469" }, { "name": "DSA-4133", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "USN-3586-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3586-2/" }, { "name": "RHSA-2018:0483", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0483" }, { "name": "USN-3586-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "103188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103188" }, { "name": "1040437", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040437" }, { "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n DHCP 4.1-ESV-R15-P1\n DHCP 4.3.6-P1\n DHCP 4.4.1" } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", 
"assignerShortName": "isc", "cveId": "CVE-2018-5733", "datePublished": "2019-01-16T20:00:00.000Z", "dateReserved": "2018-01-17T00:00:00.000Z", "dateUpdated": "2025-04-25T23:02:52.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2929 (GCVE-0-2022-2929)
Vulnerability from cvelistv5
Published
2022-10-07 04:45
Modified
2024-09-16 18:28
CWE
- The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space, that is, without releasing its reference to the allocated buffer. This causes a memory leak. Affects ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1.
Summary
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, a system with access to a DHCP server that sends DHCP packets crafted to include fqdn labels longer than 63 bytes could eventually cause the server to run out of memory.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-2929" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "1.0 through versions before 4.1-ESV-R16-P2" }, { "status": "affected", "version": "4.2 through versions before 4.4.3.-P1" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue." 
} ], "datePublic": "2022-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. 
Affects In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2022-2929" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads. 4.4.3-P1 4.1-ESV-R16-P2" } ], "source": { "discovery": "EXTERNAL" }, "title": "DHCP memory leak", "workarounds": [ { "lang": "en", "value": "As exploiting this vulnerability requires an attacker to send packets for an extended period of time, restarting servers periodically could be a viable workaround." 
} ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-2929", "datePublished": "2022-10-07T04:45:12.836741Z", "dateReserved": "2022-08-22T00:00:00", "dateUpdated": "2024-09-16T18:28:37.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4539 (GCVE-0-2011-4539)
Vulnerability from cvelistv5
Published
2011-12-08 11:00
Modified
2024-08-07 00:09
CWE
- n/a
Summary
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2011:182", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182" }, { "name": "47153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47153" }, { "name": "FEDORA-2011-16976", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html" }, { "name": "USN-1309-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1309-1" }, { "name": "openSUSE-SU-2011:1318", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html" }, { "name": "isc-dhcp-dhcpd-regex-dos(71680)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680" }, { "name": "47178", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47178" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539" }, { "name": "FEDORA-2011-16981", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html" }, { "name": "DSA-2519", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "name": "1026393", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026393" }, { "name": "GLSA-201301-06", "tags": [ 
"vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "50971", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50971" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2011:182", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182" }, { "name": "47153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47153" }, { "name": "FEDORA-2011-16976", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html" }, { "name": "USN-1309-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1309-1" }, { "name": "openSUSE-SU-2011:1318", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html" }, { "name": "isc-dhcp-dhcpd-regex-dos(71680)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680" }, { "name": "47178", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/47178" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539" }, { "name": "FEDORA-2011-16981", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html" }, { "name": "DSA-2519", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "name": "1026393", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026393" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "50971", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50971" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4539", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2011:182", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182" }, { "name": "47153", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47153" }, { "name": "FEDORA-2011-16976", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html" }, { "name": "USN-1309-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1309-1" }, { "name": "openSUSE-SU-2011:1318", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html" }, { "name": "isc-dhcp-dhcpd-regex-dos(71680)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680" }, { "name": "47178", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47178" }, { "name": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539", "refsource": "CONFIRM", "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539" }, { "name": "FEDORA-2011-16981", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html" }, { "name": "DSA-2519", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2519" }, { "name": "1026393", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026393" }, { "name": "GLSA-201301-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "50971", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50971" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4539", "datePublished": "2011-12-08T11:00:00", "dateReserved": "2011-11-22T00:00:00", "dateUpdated": "2024-08-07T00:09:18.744Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-25217 (GCVE-0-2021-25217)
Vulnerability from cvelistv5
Published
2021-05-26 22:10
Modified
2024-09-16 22:08
Severity: 7.4 (High), CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H (from the CNA metrics in the record below)
CWE
- Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled. Because of a discrepancy between the code which handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where dhcpd, while running in DHCPv4 or DHCPv6 mode, or dhclient, the ISC DHCP client implementation, will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code. Affects ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability. Affects both dhcpd (server) and dhcpcd (client) [sic: the ISC client is dhclient, as named earlier in this description; dhcpcd is a separate DHCP client project].
Summary
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies according to:
- the component being affected (i.e., dhclient or dhcpd)
- whether the package was built as a 32-bit or 64-bit binary
- whether the compiler flag -fstack-protection-strong [spelled as in the record; the GCC/Clang option is -fstack-protector-strong] was used when compiling

In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process.

In dhcpd, when run in DHCPv4 or DHCPv6 mode:
- if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted.
- if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.

Fixed releases, per the record below: ISC DHCP 4.1-ESV-R16-P1 and ISC DHCP 4.4.2-P1. The record lists no known workaround.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:11.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2021-25217" }, { "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6" }, { "name": "FEDORA-2021-08cdb4dc34", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/" }, { "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html" }, { "name": "FEDORA-2021-8ca8263bde", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220325-0011/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "lessThan": "4.1-ESV-R16-P1", "status": "affected", "version": "4.1 ESV", "versionType": "custom" }, { "lessThan": "4.4.2-P1", "status": "affected", "version": "4.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Jon Franklin from Dell 
and Pawel Wieczorkiewicz from Amazon Web Services for (independently) reporting this vulnerability." } ], "datePublic": "2021-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled. Because of a discrepancy between the code which handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where: dhcpd, while running in DHCPv4 or DHCPv6 mode, or dhclient, the ISC DHCP client implementation will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code. Affects ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability. 
Affects both dhcpd (server) and dhcpcd (client).", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2021-25217" }, { "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6" }, { "name": "FEDORA-2021-08cdb4dc34", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/" }, { "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html" }, { "name": "FEDORA-2021-8ca8263bde", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf" }, { "url": "https://security.netapp.com/advisory/ntap-20220325-0011/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP:\n\n ISC DHCP 4.1-ESV-R16-P1\n ISC DHCP 4.4.2-P1" } ], "source": { "discovery": "USER" }, "title": "A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient", "workarounds": [ { "lang": "en", "value": "None known." 
} ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2021-25217", "datePublished": "2021-05-26T22:10:11.312869Z", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-09-16T22:08:32.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2774 (GCVE-0-2016-2774)
Vulnerability from cvelistv5
Published
2016-03-09 15:26
Modified
2024-08-05 23:32
CWE
- n/a
Summary
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:32:20.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2016:2590", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html" }, { "name": "1035196", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035196" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-01354" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "FEDORA-2016-821f013cb1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html" }, { "name": "USN-3586-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "openSUSE-SU-2016:1843", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html" }, { "name": "FEDORA-2016-c93d49faf3", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html" }, { "name": "84208", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/84208" }, { "name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2016-03-07T00:00:00", "descriptions": [ { "lang": "en", "value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-24T19:07:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2016:2590", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html" }, { "name": "1035196", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035196" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-01354" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "FEDORA-2016-821f013cb1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html" }, { "name": "USN-3586-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "openSUSE-SU-2016:1843", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html" }, { "name": "FEDORA-2016-c93d49faf3", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html" }, { "name": "84208", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/84208" }, { "name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2774", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2016:2590", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html" }, { "name": "1035196", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035196" }, { "name": "https://kb.isc.org/article/AA-01354", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-01354" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "FEDORA-2016-821f013cb1", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html" }, { "name": "USN-3586-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "openSUSE-SU-2016:1843", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html" }, { "name": "FEDORA-2016-c93d49faf3", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html" }, { 
"name": "84208", "refsource": "BID", "url": "http://www.securityfocus.com/bid/84208" }, { "name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2774", "datePublished": "2016-03-09T15:26:00", "dateReserved": "2016-02-26T00:00:00", "dateUpdated": "2024-08-05T23:32:20.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1892 (GCVE-0-2009-1892)
Vulnerability from cvelistv5
Published
2009-07-17 16:00
Modified
2024-08-07 05:27
CWE
- n/a
Summary
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35830" }, { "name": "dhcp-dhcp-dos(51717)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51717" }, { "name": "FEDORA-2009-9075", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" }, { "name": "DSA-1833", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1833" }, { "name": "35669", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35669" }, { "name": "37342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37342" }, { "name": "35851", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35851" }, { "name": "36457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36457" }, { "name": "MDVSA-2009:154", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:154" }, { "name": "FEDORA-2009-8344", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-14T00:00:00", "descriptions": [ { "lang": "en", 
"value": "dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "35830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35830" }, { "name": "dhcp-dhcp-dos(51717)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51717" }, { "name": "FEDORA-2009-9075", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" }, { "name": "DSA-1833", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1833" }, { "name": "35669", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35669" }, { "name": "37342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37342" }, { "name": "35851", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35851" }, { "name": "36457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36457" }, { "name": "MDVSA-2009:154", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:154" }, { "name": "FEDORA-2009-8344", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", 
"assignerShortName": "redhat", "cveId": "CVE-2009-1892", "datePublished": "2009-07-17T16:00:00", "dateReserved": "2009-06-02T00:00:00", "dateUpdated": "2024-08-07T05:27:54.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3571 (GCVE-0-2012-3571)
Vulnerability from cvelistv5
Published
2012-07-25 10:00
Modified
2024-08-06 20:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:13:51.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-00712" }, { "name": "DSA-2516", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2516" }, { "name": "RHSA-2012:1141", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" }, { "name": "MDVSA-2012:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" }, { "name": "openSUSE-SU-2012:1006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "MDVSA-2012:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "name": "DSA-2519", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "name": "USN-1519-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1519-1" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "RHSA-2012:1140", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2012-1140.html" }, { "name": "54665", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54665" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-24T00:00:00", "descriptions": [ { "lang": "en", "value": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-00712" }, { "name": "DSA-2516", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2516" }, { "name": "RHSA-2012:1141", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" }, { "name": "MDVSA-2012:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" }, { "name": "openSUSE-SU-2012:1006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "MDVSA-2012:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "name": "DSA-2519", "tags": [ 
"vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "name": "USN-1519-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1519-1" }, { "name": "GLSA-201301-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "RHSA-2012:1140", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html" }, { "name": "54665", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54665" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3571", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "https://kb.isc.org/article/AA-00712", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-00712" }, { "name": "DSA-2516", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2516" }, { "name": "RHSA-2012:1141", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" }, { "name": "MDVSA-2012:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" }, { "name": "openSUSE-SU-2012:1006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "MDVSA-2012:115", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "name": "DSA-2519", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2519" }, { "name": "USN-1519-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1519-1" }, { "name": "GLSA-201301-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "name": "RHSA-2012:1140", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html" }, { "name": "54665", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54665" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3571", "datePublished": "2012-07-25T10:00:00", "dateReserved": 
"2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:13:51.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3611 (GCVE-0-2010-3611)
Vulnerability from cvelistv5
Published
2010-11-04 17:00
Modified
2024-08-07 03:18
CWE
- n/a
Summary
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611" }, { "name": "iscdhcp-relayforward-dos(62965)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965" }, { "name": "42082", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42082" }, { "name": "ADV-2010-2879", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2879" }, { "name": "MDVSA-2010:226", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226" }, { "name": "42345", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42345" }, { "name": "ADV-2010-3044", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3044" }, { "name": "RHSA-2010:0923", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877" }, { "name": "ADV-2010-3092", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3092" }, { "name": "FEDORA-2010-17312", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html" }, { "name": "44615", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": 
"http://www.securityfocus.com/bid/44615" }, { "name": "68999", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/68999" }, { "name": "SUSE-SR:2010:021", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html" }, { "name": "42407", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42407" }, { "name": "FEDORA-2010-17303", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html" }, { "name": "VU#102047", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/102047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-11-02T00:00:00", "descriptions": [ { "lang": "en", "value": "ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611" }, { "name": "iscdhcp-relayforward-dos(62965)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965" }, { "name": "42082", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42082" }, { "name": "ADV-2010-2879", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2879" }, { "name": "MDVSA-2010:226", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226" }, { "name": "42345", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42345" }, { "name": "ADV-2010-3044", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3044" }, { "name": "RHSA-2010:0923", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877" }, { "name": "ADV-2010-3092", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3092" }, { "name": "FEDORA-2010-17312", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html" }, { "name": "44615", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/44615" }, { "name": "68999", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/68999" }, { "name": 
"SUSE-SR:2010:021", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html" }, { "name": "42407", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42407" }, { "name": "FEDORA-2010-17303", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html" }, { "name": "VU#102047", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/102047" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2010-3611", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611", "refsource": "CONFIRM", "url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611" }, { "name": "iscdhcp-relayforward-dos(62965)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965" }, { "name": "42082", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42082" }, { "name": "ADV-2010-2879", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2879" }, { "name": "MDVSA-2010:226", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226" }, { "name": "42345", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42345" }, { "name": "ADV-2010-3044", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3044" }, { "name": "RHSA-2010:0923", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=649877", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877" }, { "name": "ADV-2010-3092", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3092" }, { "name": "FEDORA-2010-17312", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html" }, { "name": "44615", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44615" }, { "name": "68999", "refsource": "OSVDB", "url": "http://osvdb.org/68999" }, { "name": "SUSE-SR:2010:021", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html" }, { "name": "42407", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42407" }, { "name": "FEDORA-2010-17303", "refsource": "FEDORA", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html" }, { "name": "VU#102047", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/102047" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2010-3611", "datePublished": "2010-11-04T17:00:00", "dateReserved": "2010-09-27T00:00:00", "dateUpdated": "2024-08-07T03:18:52.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-2156 (GCVE-0-2010-2156)
Vulnerability from cvelistv5
Published
2010-06-07 13:38
Modified
2024-08-07 02:25
CWE
- n/a
Summary
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:25:06.756Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2010:114", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:114" }, { "name": "40116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40116" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES" }, { "name": "FEDORA-2010-9433", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html" }, { "name": "40775", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40775" }, { "name": "14185", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/14185" }, { "name": "dhcp-zero-length-dos(59222)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59222" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES" }, { "name": "1024093", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024093" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-17T00:00:00", "descriptions": [ { "lang": "en", "value": "ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2010:114", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:114" }, { "name": "40116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40116" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES" }, { "name": "FEDORA-2010-9433", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html" }, { "name": "40775", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40775" }, { "name": "14185", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/14185" }, { "name": "dhcp-zero-length-dos(59222)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59222" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES" }, { "name": "1024093", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024093" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via 
a zero-length client ID." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2010:114", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:114" }, { "name": "40116", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40116" }, { "name": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES", "refsource": "CONFIRM", "url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES" }, { "name": "FEDORA-2010-9433", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html" }, { "name": "40775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40775" }, { "name": "14185", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/14185" }, { "name": "dhcp-zero-length-dos(59222)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59222" }, { "name": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES", "refsource": "CONFIRM", "url": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES" }, { "name": "1024093", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024093" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2156", "datePublished": "2010-06-07T13:38:00", "dateReserved": "2010-06-03T00:00:00", "dateUpdated": "2024-08-07T02:25:06.756Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3570
Vulnerability from fkie_nvd
Published
2012-07-25 10:42
Modified
2025-04-11 00:51
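Severity: MEDIUM (CVSS v2 base score 5.7, vector AV:A/AC:M/Au:N/C:N/I:N/A:C, NVD primary; the record carries only a CVSS v2 metric)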
Summary
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201301-06.xml | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 | ||
cve@mitre.org | http://www.securityfocus.com/bid/54665 | ||
cve@mitre.org | https://kb.isc.org/article/AA-00714 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201301-06.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54665 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/article/AA-00714 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE3EE047-6A23-4BFF-9576-9E4CA63BA153", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1707B3D-29F7-46C6-8A0A-D776E062FD4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*", "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "493B7D92-18A4-4221-AEDD-917404C47E6D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*", "matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*", "matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "65689412-A35D-40B9-8671-DE8FF63C3DCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en ISC DHCP v4.2.x antes de v4.2.4-P1, cuando el modo DHCPv6 est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y parada del demonio) a trav\u00e9s de un par\u00e1metro \"identificador de cliente\" modificado para tal fin.\r\n" } ], "id": "CVE-2012-3570", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 5.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-25T10:42:35.710", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": 
"cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/54665" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00714" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-0692
Vulnerability from fkie_nvd
Published
2009-07-14 20:30
Modified
2025-04-09 00:30
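Severity: HIGH (CVSS v2 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C, NVD primary; the record carries only a CVSS v2 metric)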
Summary
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc | ||
cret@cert.org | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 | ||
cret@cert.org | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 | ||
cret@cert.org | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html | ||
cret@cert.org | http://secunia.com/advisories/35785 | Vendor Advisory | |
cret@cert.org | http://secunia.com/advisories/35829 | ||
cret@cert.org | http://secunia.com/advisories/35830 | ||
cret@cert.org | http://secunia.com/advisories/35831 | ||
cret@cert.org | http://secunia.com/advisories/35832 | ||
cret@cert.org | http://secunia.com/advisories/35841 | ||
cret@cert.org | http://secunia.com/advisories/35849 | ||
cret@cert.org | http://secunia.com/advisories/35850 | ||
cret@cert.org | http://secunia.com/advisories/35851 | ||
cret@cert.org | http://secunia.com/advisories/35880 | ||
cret@cert.org | http://secunia.com/advisories/36457 | ||
cret@cert.org | http://secunia.com/advisories/37342 | ||
cret@cert.org | http://secunia.com/advisories/40551 | ||
cret@cert.org | http://security.gentoo.org/glsa/glsa-200907-12.xml | ||
cret@cert.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471 | ||
cret@cert.org | http://www.debian.org/security/2009/dsa-1833 | ||
cret@cert.org | http://www.kb.cert.org/vuls/id/410676 | US Government Resource | |
cret@cert.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:151 | ||
cret@cert.org | http://www.osvdb.org/55819 | ||
cret@cert.org | http://www.redhat.com/support/errata/RHSA-2009-1136.html | ||
cret@cert.org | http://www.redhat.com/support/errata/RHSA-2009-1154.html | ||
cret@cert.org | http://www.securityfocus.com/bid/35668 | ||
cret@cert.org | http://www.securitytracker.com/id?1022548 | ||
cret@cert.org | http://www.ubuntu.com/usn/usn-803-1 | ||
cret@cert.org | http://www.vupen.com/english/advisories/2009/1891 | ||
cret@cert.org | http://www.vupen.com/english/advisories/2010/1796 | ||
cret@cert.org | https://bugzilla.redhat.com/show_bug.cgi?id=507717 | ||
cret@cert.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758 | ||
cret@cert.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941 | ||
cret@cert.org | https://www.isc.org/downloadables/12 | ||
cret@cert.org | https://www.isc.org/node/468 | Patch, Vendor Advisory | |
cret@cert.org | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html | ||
cret@cert.org | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc | ||
af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35785 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35829 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35830 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35831 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35832 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35841 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35849 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35850 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35851 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35880 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36457 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37342 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40551 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200907-12.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1833 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/410676 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:151 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/55819 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1136.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1154.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35668 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022548 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-803-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1891 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1796 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=507717 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.isc.org/downloadables/12 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.isc.org/node/468 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC3F60D5-1AC2-4FBD-9CA5-775F082D339D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE9B9007-1F13-4991-B44C-47D8EB56FB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el m\u00e9todo script_write_params en client/dhclient.c en ISC DHCP dhclient v4.1 anteriores a v4.1.0p1, v4.0 anteriores a v4.0.1p1, v3.1 anteriores a v3.1.2p1, v3.0, y v2.0 permite a servidores DHCP remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una opci\u00f3n manipulada subnet-mask." 
} ], "id": "CVE-2009-0692", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-14T20:30:00.217", "references": [ { "source": "cret@cert.org", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc" }, { "source": "cret@cert.org", "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" }, { "source": "cret@cert.org", "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35785" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/35829" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/35830" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/35831" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/35832" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/35841" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/35849" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/35850" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/35851" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/35880" }, { "source": "cret@cert.org", 
"url": "http://secunia.com/advisories/36457" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/37342" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/40551" }, { "source": "cret@cert.org", "url": "http://security.gentoo.org/glsa/glsa-200907-12.xml" }, { "source": "cret@cert.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561471" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2009/dsa-1833" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/410676" }, { "source": "cret@cert.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151" }, { "source": "cret@cert.org", "url": "http://www.osvdb.org/55819" }, { "source": "cret@cert.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html" }, { "source": "cret@cert.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/35668" }, { "source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1022548" }, { "source": "cret@cert.org", "url": "http://www.ubuntu.com/usn/usn-803-1" }, { "source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2009/1891" }, { "source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2010/1796" }, { "source": "cret@cert.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717" }, { "source": "cret@cert.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758" }, { "source": "cret@cert.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941" }, { "source": "cret@cert.org", "url": "https://www.isc.org/downloadables/12" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.isc.org/node/468" }, { "source": 
"cret@cert.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" }, { "source": "cret@cert.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35785" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/37342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200907-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1833" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/410676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/55819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-803-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.isc.org/downloadables/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.isc.org/node/468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" } ], "sourceIdentifier": "cret@cert.org", "vendorComments": [ { "comment": "This issue affected the dhcp packages as shipped with Red Hat Enterprise Linux 3 and 4. Updated packages to correct this issue are available via Red Hat Network:\n\nhttps://rhn.redhat.com/errata/CVE-2009-0692.html\n\nThis issue did not affect the dhcp packages as shipped with Red Hat Enterprise Linux 5 due to the use of FORTIFY_SOURCE protection mechanism that changes the exploitability of the issue into a controlled application termination.", "lastModified": "2009-07-16T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2011-0997
Vulnerability from fkie_nvd
Published
2011-04-08 15:17
Modified
2025-04-11 00:51
Summary
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://marc.info/?l=bugtraq&m=133226187115472&w=2 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://marc.info/?l=bugtraq&m=133226187115472&w=2 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/44037 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/44048 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/44089 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/44090 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/44103 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/44127 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/44180 | Third Party Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
cve@mitre.org | http://securitytracker.com/id?1025300 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345 | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2011/dsa-2216 | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2011/dsa-2217 | Third Party Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/107886 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2011:073 | Third Party Advisory | |
cve@mitre.org | http://www.osvdb.org/71493 | Broken Link | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2011-0428.html | Third Party Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2011-0840.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/47176 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-1108-1 | Third Party Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2011/0879 | Permissions Required | |
cve@mitre.org | http://www.vupen.com/english/advisories/2011/0886 | Permissions Required | |
cve@mitre.org | http://www.vupen.com/english/advisories/2011/0909 | Permissions Required | |
cve@mitre.org | http://www.vupen.com/english/advisories/2011/0915 | Permissions Required | |
cve@mitre.org | http://www.vupen.com/english/advisories/2011/0926 | Permissions Required | |
cve@mitre.org | http://www.vupen.com/english/advisories/2011/0965 | Permissions Required | |
cve@mitre.org | http://www.vupen.com/english/advisories/2011/1000 | Permissions Required | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=689832 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/66580 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812 | Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/37623/ | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.isc.org/software/dhcp/advisories/cve-2011-0997 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=133226187115472&w=2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=133226187115472&w=2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44037 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44048 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44089 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44090 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44103 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44127 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44180 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025300 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2216 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2217 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/107886 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:073 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/71493 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0428.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0840.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47176 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1108-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0879 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0886 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0909 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0915 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0926 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0965 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1000 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=689832 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66580 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/37623/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.isc.org/software/dhcp/advisories/cve-2011-0997 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | 3.0 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.5 | |
isc | dhcp | 3.0.5 | |
isc | dhcp | 3.0.6 | |
isc | dhcp | 3.1-esv | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.1 | |
isc | dhcp | 3.1.1 | |
isc | dhcp | 3.1.2 | |
isc | dhcp | 3.1.2 | |
isc | dhcp | 3.1.2 | |
isc | dhcp | 3.1.3 | |
isc | dhcp | 3.1.3 | |
isc | dhcp | 3.1.3 | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
debian | debian_linux | 5.0 | |
debian | debian_linux | 6.0 | |
debian | debian_linux | 7.0 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 9.10 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*", "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*", "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*", "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*", "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*", "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*", "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "87CBA8DD-650D-4A67-924C-B108CEE74BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*", "matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*", "matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*", "matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*", "matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*", "matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*", "matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*", "matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*", 
"matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*", "matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*", "matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*", "matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*", "matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*", "matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*", "matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*", "matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*", "matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*", "matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*", "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "matchCriteriaId": 
"5C6D8D55-DCD2-4E70-B3C6-76F2134DA336", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained 
from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script." }, { "lang": "es", "value": "dhclient en ISC DHCP 3.0.x hasta la versi\u00f3n 4.2.x en versiones anteriores a 4.2.1-P1, 3.1-ESV en versiones anteriores a 3.1-ESV-R1 y 4.1-ESV en versiones anteriores a 4.1-ESV-R2 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en un nombre de anfitri\u00f3n obtenido de un mensaje DHCP, como es demostrado por un nombre de anfitri\u00f3n dado por dhclient-script." } ], "id": "CVE-2011-0997", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-08T15:17:27.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44037" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44048" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44089" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44090" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44103" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44127" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44180" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1025300" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2216" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2217" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/107886" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/71493" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2011-0428.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/47176" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1108-1" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0879" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0886" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0909" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0915" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0926" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0965" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/1000" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/37623/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44090" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44180" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1025300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/107886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/71493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/47176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1108-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0879" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0926" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0965" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/1000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/37623/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2025-04-25 23:15
Summary
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
References
Source | URL | Tags | |
---|---|---|---|
security-officer@isc.org | http://www.securityfocus.com/bid/103188 | Third Party Advisory, VDB Entry | |
security-officer@isc.org | http://www.securitytracker.com/id/1040437 | Third Party Advisory, VDB Entry | |
security-officer@isc.org | https://access.redhat.com/errata/RHSA-2018:0469 | Third Party Advisory | |
security-officer@isc.org | https://access.redhat.com/errata/RHSA-2018:0483 | Third Party Advisory | |
security-officer@isc.org | https://kb.isc.org/docs/aa-01567 | Vendor Advisory | |
security-officer@isc.org | https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html | Third Party Advisory | |
security-officer@isc.org | https://usn.ubuntu.com/3586-1/ | Third Party Advisory | |
security-officer@isc.org | https://usn.ubuntu.com/3586-2/ | Third Party Advisory | |
security-officer@isc.org | https://www.debian.org/security/2018/dsa-4133 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103188 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040437 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:0469 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:0483 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/docs/aa-01567 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20250425-0010/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3586-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3586-2/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4133 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | * | |
isc | dhcp | * | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.4.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.4 | |
redhat | enterprise_linux_server_aus | 7.6 | |
redhat | enterprise_linux_server_eus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.5 | |
redhat | enterprise_linux_server_eus | 7.6 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B88B6F8-3F13-4984-BBCF-F79BE911F15D", "versionEndIncluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADAC6E78-8F98-42C3-BE19-276826F84752", "versionEndIncluding": "4.3.6", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", "matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*", "matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*", "matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", "matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", "matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", "matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", "matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", "matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*", "matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*", "matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*", "matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*", "matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*", "matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*", "matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*", "matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*", "matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*", "matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*", "matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*", "matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*", "matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*", "matchCriteriaId": "69F6E619-A52B-4A60-8247-41ADD0E7D655", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*", "matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*", "matchCriteriaId": "20040BB3-F157-4505-BB60-0D919A7D1436", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*", "matchCriteriaId": "974A8587-8351-490A-82D9-B541862CA4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*", "matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*", "matchCriteriaId": "EE991D0E-2E2D-4844-9BBD-235D8BC5FB7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*", "matchCriteriaId": "975EF88C-988F-40A6-B7D1-D27439144CC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*", "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "13C8AD22-6E39-4899-88B2-7ED44BE890A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] 
}, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0." }, { "lang": "es", "value": "Un cliente malicioso al que se le permite enviar grandes cantidades de tr\u00e1fico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhcpd. Afecta a ISC DHCP desde la versi\u00f3n 4.1.0 hasta la 4.1-ESV-R15, desde la versi\u00f3n 4.2.0 hasta la 4.2.8, desde la versi\u00f3n 4.3.0 hasta la 4.3.6 y a la versi\u00f3n 4.4.0." 
} ], "id": "CVE-2018-5733", "lastModified": "2025-04-25T23:15:15.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-16T20:29:00.753", "references": [ { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103188" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040437" }, { "source": 
"security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0469" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0483" }, { "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01567" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3586-2/" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250425-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3586-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4133" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-01-31 21:00
Modified
2025-04-11 00:51
Summary
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html | Third Party Advisory | |
cret@cert.org | http://secunia.com/advisories/43006 | Third Party Advisory | |
cret@cert.org | http://secunia.com/advisories/43104 | Third Party Advisory | |
cret@cert.org | http://secunia.com/advisories/43167 | Third Party Advisory | |
cret@cert.org | http://secunia.com/advisories/43354 | Third Party Advisory | |
cret@cert.org | http://secunia.com/advisories/43613 | Third Party Advisory | |
cret@cert.org | http://securitytracker.com/id?1024999 | Third Party Advisory, VDB Entry | |
cret@cert.org | http://www.debian.org/security/2011/dsa-2184 | Third Party Advisory | |
cret@cert.org | http://www.isc.org/software/dhcp/advisories/cve-2011-0413 | Vendor Advisory | |
cret@cert.org | http://www.kb.cert.org/vuls/id/686084 | Third Party Advisory, US Government Resource | |
cret@cert.org | http://www.mandriva.com/security/advisories?name=MDVSA-2011:022 | Third Party Advisory | |
cret@cert.org | http://www.osvdb.org/70680 | Broken Link | |
cret@cert.org | http://www.redhat.com/support/errata/RHSA-2011-0256.html | Third Party Advisory | |
cret@cert.org | http://www.securityfocus.com/bid/46035 | Third Party Advisory, VDB Entry | |
cret@cert.org | http://www.vupen.com/english/advisories/2011/0235 | Permissions Required | |
cret@cert.org | http://www.vupen.com/english/advisories/2011/0266 | Permissions Required | |
cret@cert.org | http://www.vupen.com/english/advisories/2011/0300 | Permissions Required | |
cret@cert.org | http://www.vupen.com/english/advisories/2011/0400 | Permissions Required | |
cret@cert.org | http://www.vupen.com/english/advisories/2011/0583 | Permissions Required | |
cret@cert.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/64959 | Third Party Advisory, VDB Entry | |
cret@cert.org | https://kb.isc.org/article/AA-00456 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43006 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43104 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43167 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43354 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43613 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1024999 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2184 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.isc.org/software/dhcp/advisories/cve-2011-0413 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/686084 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:022 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/70680 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0256.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46035 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0235 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0266 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0300 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0400 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0583 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/64959 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/article/AA-00456 | Vendor Advisory |
Impacted products
Vendor | Product | Version | Update (CPE) |
---|---|---|---|
isc | dhcp | 4.0 | * |
isc | dhcp | 4.0.0 | * |
isc | dhcp | 4.0.1 | - |
isc | dhcp | 4.0.1 | b1 |
isc | dhcp | 4.0.1 | rc1 |
isc | dhcp | 4.0.2 | - |
isc | dhcp | 4.0.2 | b1 |
isc | dhcp | 4.0.2 | b2 |
isc | dhcp | 4.0.2 | b3 |
isc | dhcp | 4.0.2 | rc1 |
isc | dhcp | 4.0.3 | - |
isc | dhcp | 4.0.3 | b1 |
isc | dhcp | 4.0.3 | rc1 |
isc | dhcp | 4.1.0 | - |
isc | dhcp | 4.1.1 | - |
isc | dhcp | 4.1.1 | b1 |
isc | dhcp | 4.1.1 | b2 |
isc | dhcp | 4.1.1 | b3 |
isc | dhcp | 4.1.1 | rc1 |
isc | dhcp | 4.1.2 | - |
isc | dhcp | 4.0-esv | * |
isc | dhcp | 4.1-esv | - |
isc | dhcp | 4.2.0 | - |
isc | dhcp | 4.2.0 | a1 |
isc | dhcp | 4.2.0 | a2 |
isc | dhcp | 4.2.0 | b1 |
isc | dhcp | 4.2.0 | b2 |
isc | dhcp | 4.2.0 | p1 |
isc | dhcp | 4.2.0 | rc1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "22F98A8C-2C14-40F2-9CA6-FDB909CAB4EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*", "matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*", "matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*", "matchCriteriaId": "53F71472-2EC8-441A-B27A-201BEE567717", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*", "matchCriteriaId": "3B3EFEAF-F562-488B-9EF4-1467CEF719AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*", "matchCriteriaId": 
"78214BCE-9739-40B9-A32E-89C16F7195DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*", "matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*", "matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*", "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.0-esv:*:*:*:*:*:*:*", "matchCriteriaId": "427C13A1-C73C-4352-902C-2DA3B6C51BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address." }, { "lang": "es", "value": "El servidor DHCPv6 en ISC DHCP v4.0.x y v4.1.x anterior a v.4.1.2-P1, v.4.0-ESV y v.4.1-ESV anterior a v.4.1-ESV-R1, y v.4.2.x anterior a v.4.2.1b1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio enviando mensajes sobre IPv6 para un declinado y abandono de la direcci\u00f3n." } ], "id": "CVE-2011-0413", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-01-31T21:00:18.110", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43006" }, { "source": "cret@cert.org", 
"tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43104" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43167" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43354" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43613" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1024999" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2184" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/686084" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022" }, { "source": "cret@cert.org", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/70680" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/46035" }, { "source": "cret@cert.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0235" }, { "source": "cret@cert.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0266" }, { "source": "cret@cert.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0300" }, { "source": "cret@cert.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0400" }, { "source": "cret@cert.org", "tags": [ 
"Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0583" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1024999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/686084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/70680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/46035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0583" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00456" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-1892
Vulnerability from fkie_nvd
Published
2009-07-17 16:30
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, source nvd@nist.gov)
Summary
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://secunia.com/advisories/35830 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/35851 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/36457 | ||
secalert@redhat.com | http://secunia.com/advisories/37342 | ||
secalert@redhat.com | http://www.debian.org/security/2009/dsa-1833 | Patch | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:154 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/35669 | Patch | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/51717 | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35830 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35851 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36457 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37342 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1833 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:154 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35669 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/51717 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1269D9FF-C497-4FA5-90DA-302A9FC1EB75", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4_b1:*:*:*:*:*:*:*", "matchCriteriaId": "34BCCA79-76A8-494A-94CA-BB8FA11891DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4_b2:*:*:*:*:*:*:*", "matchCriteriaId": "5442D329-81D5-4891-A063-FC6A07D7E1FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4_b3:*:*:*:*:*:*:*", "matchCriteriaId": "14F64C1F-92E7-4190-9472-046F34C28539", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "22D732C6-F89B-4FCA-A949-3F67B4E7A7F2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests." }, { "lang": "es", "value": "dhcpd en ISC DHCP v3.0.4 y v3.1.1, cuando se utilizan de forma simult\u00e1nea el identificador de cliente dhcp y la configuraci\u00f3n de hardware ethernet, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n no especificada." 
} ], "id": "CVE-2009-1892", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-17T16:30:00.843", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35830" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35851" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/36457" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37342" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2009/dsa-1833" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:154" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35669" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51717" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://secunia.com/advisories/35851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2009/dsa-1833" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:154" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Not vulnerable. Red Hat Enterprise Linux 3, 4, and 5 provide earlier versions of ISC DHCP which are not vulnerable to this issue.", "lastModified": "2009-07-20T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-16" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-1893
Vulnerability from fkie_nvd
Published
2009-07-17 16:30
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 6.9, vector AV:L/AC:M/Au:N/C:C/I:C/A:C, source nvd@nist.gov)
Summary
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://secunia.com/advisories/35831 | Vendor Advisory | |
secalert@redhat.com | http://securitytracker.com/id?1022554 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-1154.html | Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/35670 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=510024 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/51718 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35831 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1022554 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1154.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35670 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=510024 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/51718 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440 |
Impacted products
Vendor | Product | Version | Update (CPE) | Edition (CPE) |
---|---|---|---|---|
redhat | enterprise_linux | 3.0 | * | * |
redhat | enterprise_linux | 3.0 | * | as |
redhat | enterprise_linux | 3.0 | * | es |
redhat | enterprise_linux | 3.0 | * | ws |
isc | dhcp | 3.0.1 | rc1 | * |
isc | dhcp | 3.0.1 | rc10 | * |
isc | dhcp | 3.0.1 | rc11 | * |
isc | dhcp | 3.0.1 | rc12 | * |
isc | dhcp | 3.0.1 | rc13 | * |
isc | dhcp | 3.0.1 | rc14 | * |
isc | dhcp | 3.0.1 | rc2 | * |
isc | dhcp | 3.0.1 | rc5 | * |
isc | dhcp | 3.0.1 | rc6 | * |
isc | dhcp | 3.0.1 | rc7 | * |
isc | dhcp | 3.0.1 | rc8 | * |
isc | dhcp | 3.0.1 | rc9 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*", "matchCriteriaId": "327FEE54-79EC-4B5E-B838-F3C61FCDF48E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*", "matchCriteriaId": "056C1C15-D110-4309-A9A6-41BD753FE4F2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*", "matchCriteriaId": "08392974-5AC1-4B12-893F-3F733EF05F80", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*", "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*", "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*", "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*", "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*", "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*", "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the \"dhcpd -t\" command." }, { "lang": "es", "value": "La funci\u00f3n configtest en la secuencia de comandos de inicio del DHCPD en Red Hat para DHCP 3.0.1 en Red Hat Enterprise Linux (RHEL) 3 permite a usuarios locales sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un fichero temporal no especificado, relativo al comando \"dhcpd -t\"." 
} ], "id": "CVE-2009-1893", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-17T16:30:00.890", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35831" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1022554" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/35670" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1022554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-08 11:55
Modified
2025-04-11 00:51
Severity ?
Summary
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/47153 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/47178 | Third Party Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2012/dsa-2519 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2011:182 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/50971 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id?1026393 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-1309-1 | Third Party Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/71680 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.isc.org/software/dhcp/advisories/cve-2011-4539 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47153 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47178 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2519 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:182 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/50971 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1026393 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1309-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/71680 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.isc.org/software/dhcp/advisories/cve-2011-4539 | Vendor Advisory |
Impacted products
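Vendor | Product | Version | CPE |
---|---|---|---|
isc | dhcp | 4.0 | `cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*` |
isc | dhcp | 4.0.0 | `cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*` |
isc | dhcp | 4.0.1 | `cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*` |
isc | dhcp | 4.0.1 | `cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*` |
isc | dhcp | 4.0.1 | `cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.0.2 | `cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*` |
isc | dhcp | 4.0.2 | `cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*` |
isc | dhcp | 4.0.2 | `cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*` |
isc | dhcp | 4.0.2 | `cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*` |
isc | dhcp | 4.0.2 | `cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.0.3 | `cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*` |
isc | dhcp | 4.0.3 | `cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*` |
isc | dhcp | 4.0.3 | `cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.1.1 | `cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*` |
isc | dhcp | 4.1.1 | `cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.1.2 | `cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.2.1 | `cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*` |
isc | dhcp | 4.2.1 | `cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*` |
isc | dhcp | 4.2.1 | `cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.2.2 | `cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*` |
isc | dhcp | 4.2.2 | `cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*` |
isc | dhcp | 4.2.2 | `cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.2.3 | `cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*` |
canonical | ubuntu_linux | 11.04 | `cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*` |
canonical | ubuntu_linux | 11.10 | `cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*` |
debian | debian_linux | 6.0 | `cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*` |
debian | debian_linux | 7.0 | `cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*` |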
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "22F98A8C-2C14-40F2-9CA6-FDB909CAB4EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*", "matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*", "matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*", "matchCriteriaId": "53F71472-2EC8-441A-B27A-201BEE567717", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*", "matchCriteriaId": "3B3EFEAF-F562-488B-9EF4-1467CEF719AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*", "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DE50853A-BAE7-499B-A3D7-468A08A07BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*", "matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*", "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"0F3DBB40-638E-4A4B-99B4-534D2564E146", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*", "matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of 
service (daemon crash) via a crafted request packet." }, { "lang": "es", "value": "dhcpd en ISC DHCP v4.x antes de v4.2.3-P1 y v4.1-ESV antes de v4.1-ESV-R4 no manipula correctamente expresiones regulares en dhcpd.conf, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del deminio) a trav\u00e9s de un paquete de petici\u00f3n modificado." } ], "id": "CVE-2011-4539", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-08T11:55:02.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/47153" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/47178" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/50971" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1026393" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1309-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/47153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/47178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.debian.org/security/2012/dsa-2519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/50971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1026393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1309-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2011-2749
Vulnerability from fkie_nvd
Published
2011-08-15 21:55
Modified
2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.8, vector AV:N/AC:L/Au:N/C:N/I:N/A:C)
Summary
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45582 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45595 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45629 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45639 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45817 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45918 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/46780 | Third Party Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
cve@mitre.org | http://securitytracker.com/id?1025918 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.debian.org/security/2011/dsa-2292 | Third Party Advisory | |
cve@mitre.org | http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html | Vendor Advisory | |
cve@mitre.org | http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html | Vendor Advisory | |
cve@mitre.org | http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html | Vendor Advisory | |
cve@mitre.org | http://www.isc.org/software/dhcp/advisories/cve-2011-2748 | Vendor Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2011:128 | Third Party Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2011-1160.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/49120 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-1190-1 | Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=729382 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://hermes.opensuse.org/messages/11695711 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45582 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45595 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45629 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45639 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45817 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45918 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46780 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025918 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2292 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.isc.org/software/dhcp/advisories/cve-2011-2748 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:128 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-1160.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49120 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1190-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=729382 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/11695711 | Third Party Advisory |
Impacted products
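Vendor | Product | Version | CPE |
---|---|---|---|
isc | dhcp | 3.0 | `cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*` |
isc | dhcp | 3.0.1 | `cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*` |
isc | dhcp | 3.0.2 | `cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*` |
isc | dhcp | 3.0.2 | `cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*` |
isc | dhcp | 3.0.2 | `cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*` |
isc | dhcp | 3.0.2 | `cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*` |
isc | dhcp | 3.0.2 | `cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*` |
isc | dhcp | 3.0.3 | `cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*` |
isc | dhcp | 3.0.3 | `cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*` |
isc | dhcp | 3.0.3 | `cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*` |
isc | dhcp | 3.0.4 | `cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*` |
isc | dhcp | 3.0.4 | `cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*` |
isc | dhcp | 3.0.4 | `cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*` |
isc | dhcp | 3.0.4 | `cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*` |
isc | dhcp | 3.0.4 | `cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*` |
isc | dhcp | 3.0.5 | `cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*` |
isc | dhcp | 3.0.5 | `cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*` |
isc | dhcp | 3.0.6 | `cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*` |
isc | dhcp | 3.1 | `cpe:2.3:a:isc:dhcp:3.1:*:*:*:*:*:*:*` |
isc | dhcp | 3.1-esv | `cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*` |
isc | dhcp | 3.1.0 | `cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*` |
isc | dhcp | 3.1.0 | `cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*` |
isc | dhcp | 3.1.0 | `cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*` |
isc | dhcp | 3.1.0 | `cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*` |
isc | dhcp | 3.1.0 | `cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*` |
isc | dhcp | 3.1.0 | `cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*` |
isc | dhcp | 3.1.0 | `cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*` |
isc | dhcp | 3.1.1 | `cpe:2.3:a:isc:dhcp:3.1.1:-:*:*:*:*:*:*` |
isc | dhcp | 3.1.1 | `cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*` |
isc | dhcp | 3.1.1 | `cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*` |
isc | dhcp | 3.1.2 | `cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*` |
isc | dhcp | 3.1.2 | `cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*` |
isc | dhcp | 3.1.2 | `cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*` |
isc | dhcp | 3.1.3 | `cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*` |
isc | dhcp | 3.1.3 | `cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*` |
isc | dhcp | 3.1.3 | `cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.0 | `cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*` |
isc | dhcp | 4.0-esv | `cpe:2.3:a:isc:dhcp:4.0-esv:*:*:*:*:*:*:*` |
isc | dhcp | 4.0.0 | `cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*` |
isc | dhcp | 4.0.1 | `cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*` |
isc | dhcp | 4.0.1 | `cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*` |
isc | dhcp | 4.0.1 | `cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.0.2 | `cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*` |
isc | dhcp | 4.0.2 | `cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*` |
isc | dhcp | 4.0.2 | `cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*` |
isc | dhcp | 4.0.2 | `cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*` |
isc | dhcp | 4.0.2 | `cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.0.3 | `cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*` |
isc | dhcp | 4.0.3 | `cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*` |
isc | dhcp | 4.0.3 | `cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*` |
isc | dhcp | 4.1-esv | `cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.1.0 | `cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*` |
isc | dhcp | 4.1.1 | `cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*` |
isc | dhcp | 4.1.1 | `cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*` |
isc | dhcp | 4.1.1 | `cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*` |
isc | dhcp | 4.1.1 | `cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*` |
isc | dhcp | 4.1.1 | `cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.1.2 | `cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*` |
isc | dhcp | 4.2.0 | `cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*` |
isc | dhcp | 4.2.1 | `cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*` |
isc | dhcp | 4.2.1 | `cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*` |
isc | dhcp | 4.2.1 | `cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*` |
debian | debian_linux | 5.0 | `cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*` |
debian | debian_linux | 6.0 | `cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*` |
debian | debian_linux | 7.0 | `cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*` |
canonical | ubuntu_linux | 8.04 | `cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*` |
canonical | ubuntu_linux | 10.04 | `cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*` |
canonical | ubuntu_linux | 10.10 | `cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*` |
canonical | ubuntu_linux | 11.04 | `cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*` |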
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*", "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*", "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*", "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*", "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*", "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*", "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*", "matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*", "matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*", "matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*", "matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*", "matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*", "matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*", "matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*", "matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*", 
"matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE9B9007-1F13-4991-B44C-47D8EB56FB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*", "matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*", "matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*", "matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*", "matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*", "matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*", "matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "432C01D0-A1F1-4D16-B9B4-D8AAA9D13226", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*", "matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*", "matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*", "matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0-esv:*:*:*:*:*:*:*", "matchCriteriaId": "427C13A1-C73C-4352-902C-2DA3B6C51BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "22F98A8C-2C14-40F2-9CA6-FDB909CAB4EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*", "matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*", "matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*", "matchCriteriaId": "53F71472-2EC8-441A-B27A-201BEE567717", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*", "matchCriteriaId": "3B3EFEAF-F562-488B-9EF4-1467CEF719AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*", "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*", "matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*", 
"matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*", "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DE50853A-BAE7-499B-A3D7-468A08A07BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet." }, { "lang": "es", "value": "El servidor en ISC DHCP v3.x y v4.x anterior a v4.2.2, v3.1-ESV anterior a v3.1-ESV-R3, y v4.1-ESV anterior a v4.1-ESV-R3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (salida de demonio) a trav\u00e9s de un paquete BOOTP manipulado." 
} ], "id": "CVE-2011-2749", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-08-15T21:55:02.800", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45582" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45595" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45629" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45639" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45817" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45918" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46780" }, { "source": "cve@mitre.org", "tags": [ 
"Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1025918" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2292" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/49120" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1190-1" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://hermes.opensuse.org/messages/11695711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45639" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1025918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/49120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1190-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://hermes.opensuse.org/messages/11695711" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2010-2156)
Published
2010-06-07 17:13
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, scored by nvd@nist.gov)
Summary
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES | ||
cve@mitre.org | http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html | ||
cve@mitre.org | http://secunia.com/advisories/40116 | ||
cve@mitre.org | http://www.exploit-db.com/exploits/14185 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:114 | ||
cve@mitre.org | http://www.securityfocus.com/bid/40775 | ||
cve@mitre.org | http://www.securitytracker.com/id?1024093 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/59222 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40116 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/14185 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:114 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/40775 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024093 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/59222 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "234EE34E-44F4-45F0-A19A-D369BA5043C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*", "matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*", "matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*", "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CBC3A7C-1025-4DF6-8250-44C38CB52444", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*", "matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "307F45F2-05F6-4391-B961-75043E2D7D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*", "matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*", "matchCriteriaId": 
"53F71472-2EC8-441A-B27A-201BEE567717", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID." }, { "lang": "es", "value": "ISC DHCP v4.1 anterior v4.1.1-P1 y v4.0 anterior v4.0.2-P1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (salida servidor) a trav\u00e9s de un cliente ID zero-length." } ], "id": "CVE-2010-2156", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-06-07T17:13:07.327", "references": [ { "source": "cve@mitre.org", "url": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES" }, { "source": "cve@mitre.org", "url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40116" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/14185" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:114" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/40775" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024093" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/14185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/40775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1024093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59222" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-2494)
Published
2013-03-28 16:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.9, vector AV:N/AC:H/Au:S/C:N/I:N/A:C, scored by nvd@nist.gov)
Summary
libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://kb.isc.org/article/AA-00880/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/article/AA-00880/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | Update |
---|---|---|---|
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | a1 |
isc | dhcp | 4.2.0 | a2 |
isc | dhcp | 4.2.0 | b1 |
isc | dhcp | 4.2.0 | b2 |
isc | dhcp | 4.2.0 | p1 |
isc | dhcp | 4.2.0 | rc1 |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | b1 |
isc | dhcp | 4.2.1 | rc1 |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | b1 |
isc | dhcp | 4.2.2 | rc1 |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.3 | p1 |
isc | dhcp | 4.2.3 | p2 |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | p1 |
isc | dhcp | 4.2.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE3EE047-6A23-4BFF-9576-9E4CA63BA153", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1707B3D-29F7-46C6-8A0A-D776E062FD4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*", "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "493B7D92-18A4-4221-AEDD-917404C47E6D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*", "matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*", "matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "65689412-A35D-40B9-8671-DE8FF63C3DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:p1:*:*:*:*:*:*", "matchCriteriaId": "E85A27A0-A83B-4BBF-A3B8-5219F2053902", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "0383976E-DF90-4850-A1A3-D1965B50A511", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266." }, { "lang": "es", "value": "libdns en ISC DHCP v4.2.x antes de v4.2.5-P1 permite a los servidores de nombres remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de vectores relacionados con una expresi\u00f3n regular, como lo demuestra un ataque memoria de agotamiento contra un equipo que ejecuta un proceso de dhcpd, un tema relacionado con CVE-2013-2266." 
} ], "id": "CVE-2013-2494", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-03-28T16:55:01.060", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00880/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00880/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-01-15 03:55
Modified
2025-04-11 00:51
Severity ?
Summary
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201301-06.xml | ||
cve@mitre.org | https://deepthought.isc.org/article/AA-00595 | ||
cve@mitre.org | https://kb.isc.org/article/AA-00705 | ||
cve@mitre.org | https://www.isc.org/software/dhcp/advisories/cve-2011-4868 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201301-06.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | https://deepthought.isc.org/article/AA-00595 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/article/AA-00705 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.isc.org/software/dhcp/advisories/cve-2011-4868 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | * | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.5 | |
isc | dhcp | 3.0.5 | |
isc | dhcp | 3.0.6 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 4.0.0 | |
isc | dhcp | 4.0.0 | |
isc | dhcp | 4.0.0 | |
isc | dhcp | 4.0.0 | |
isc | dhcp | 4.0.0 | |
isc | dhcp | 4.0.0 | |
isc | dhcp | 4.0.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:*:p1:*:*:*:*:*:*", "matchCriteriaId": "8387F752-D920-4891-9DCB-4CCDE8461DE5", "versionEndIncluding": "4.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel1:*:*:*:*:*", "matchCriteriaId": "CED58016-46F0-4665-985B-DA74FB146F7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel10:*:*:*:*:*", "matchCriteriaId": "60CF9BD0-B2CD-4D37-85AB-BEC48B574EC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel11:*:*:*:*:*", "matchCriteriaId": "F7976068-FF49-4A34-B435-4224E34AEC7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel12:*:*:*:*:*", "matchCriteriaId": "1509896E-865A-428F-A668-D94538EA172C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel13:*:*:*:*:*", "matchCriteriaId": "1F9DEF18-F2E7-42BB-A99F-56CB98AD292C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel14:*:*:*:*:*", "matchCriteriaId": "500BAE2D-BDE3-4960-8CA2-AC37D598F698", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel15:*:*:*:*:*", "matchCriteriaId": "18D4C846-C7B9-4371-B48E-0C69882EA702", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel16:*:*:*:*:*", "matchCriteriaId": "12482D44-06C6-45EB-83B0-559AF22A7E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel18:*:*:*:*:*", "matchCriteriaId": "48863BF7-1A7F-4318-BF67-302A34EB4970", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel19:*:*:*:*:*", "matchCriteriaId": "1EAE0593-DA68-4D38-A5D4-0A3F3CB7D47F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel2:*:*:*:*:*", "matchCriteriaId": "46CD08A2-BBB4-4477-AB70-22E938873BFD", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel20:*:*:*:*:*", "matchCriteriaId": "EF45264F-4E92-47C7-9979-2FDB069A1582", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel21:*:*:*:*:*", "matchCriteriaId": "69FB5D2E-52D4-4010-8CC5-EBC7A89D537A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel22:*:*:*:*:*", "matchCriteriaId": "ECD650FF-A75F-4E19-A4E1-5EFC937292C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel23:*:*:*:*:*", "matchCriteriaId": "1A5F1555-CE8D-481B-8F0F-EB6EC36C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel24:*:*:*:*:*", "matchCriteriaId": "FD9DDBA0-77D0-482D-93EE-4F65215BA1B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel3:*:*:*:*:*", "matchCriteriaId": "1E02470D-1508-4F50-920D-6201F6DF8C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel4:*:*:*:*:*", "matchCriteriaId": "B139A35A-D199-4891-90A9-EA8632EDF01D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel5:*:*:*:*:*", "matchCriteriaId": "511146C2-A7F4-4E43-854B-0ABF7B64449F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel6:*:*:*:*:*", "matchCriteriaId": "4B685143-F267-40A9-8D7F-CF106F4706D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel7:*:*:*:*:*", "matchCriteriaId": "605E3131-2AD4-486D-AB0E-9625A00FE13B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel8:*:*:*:*:*", "matchCriteriaId": "05B1BA61-DF1A-4817-8320-9BB7BA890356", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel9:*:*:*:*:*", "matchCriteriaId": "EE3BC91D-A46B-460E-9736-1EE8B0489B6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CB378EB8-45C6-4143-BC15-02C5417E99C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc1:patchlevel1:*:*:*:*:*", 
"matchCriteriaId": "DD3851CF-93A4-4478-80DE-EB4FA2AD1C21", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc10:*:*:*:*:*:*", "matchCriteriaId": "BBA95784-E478-4476-833E-89F7E1291413", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc11:*:*:*:*:*:*", "matchCriteriaId": "8C32A7F5-AC86-4587-9324-409242EFF21B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc12:*:*:*:*:*:*", "matchCriteriaId": "06EC71C2-F95C-4633-940F-D21EF03285C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "942778E1-3FF6-4CA9-A309-0C4908FAD0D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc2:patchlevel1:*:*:*:*:*", "matchCriteriaId": "BAA8D5D1-A01C-4209-A399-FE33FEBAC357", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "0E01CC47-B3B4-4806-9ED3-128A7129D9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "5FF38786-9928-4582-AA9D-2BC7B93C1A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "5AD60A88-B50B-49C2-B5FD-B3AA548E279F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "BA940163-BF8D-4120-AFC4-100AFB493247", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "4A19685C-C842-4B58-A2F1-3D777BF30486", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "37B6EDC1-EA03-4B5A-82D7-3099F3E243A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc8:patchlevel1:*:*:*:*:*", "matchCriteriaId": "A17E1A4A-5EFE-4595-9E3D-1668FD16573C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0:rc9:*:*:*:*:*:*", "matchCriteriaId": "7F6A8E0B-C61F-483C-8FF1-390FD58F80D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD47856E-E679-4F5D-9280-78E0E59AFD0A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*", "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*", "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*", "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*", "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*", "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "06E8A13B-EC20-43C3-8141-816BADC705BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "2BE83F2A-FBE2-4CED-B60E-F1FF5AC446B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*", "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "91A77DE4-E547-46AB-86C6-360D387953F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "88D957D5-8896-49FF-821E-8B5096B1F986", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*", "matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*", "matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*", "matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1269D9FF-C497-4FA5-90DA-302A9FC1EB75", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*", "matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*", "matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*", "matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"929CEDEC-6D65-4E1C-97DA-B6BFF3BFEFA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C921FD4C-E274-40C9-AFC8-CB0861889E15", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*", "matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*", "matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*", "matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*", "matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*", "matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:a1:*:*:*:*:*:*", "matchCriteriaId": "50BE7B3C-59D7-4FA7-A1A2-40B12EBA3832", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:a2:*:*:*:*:*:*", "matchCriteriaId": "3F4BA541-795B-4EC2-AF47-82F331F79A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:a3:*:*:*:*:*:*", "matchCriteriaId": "B89FC09F-EC04-4B40-A797-10A26D15F6D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:b1:*:*:*:*:*:*", "matchCriteriaId": "4E510E61-0842-45EC-92E2-BE4BD584887A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:b2:*:*:*:*:*:*", "matchCriteriaId": "E76F0561-864D-4091-8E4F-6C2DA1B77E29", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:b3:*:*:*:*:*:*", "matchCriteriaId": "BB54A820-124E-4106-A55D-19947F32852E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a1:*:*:*:*:*:*", "matchCriteriaId": "40C764F4-8FAD-477E-92E5-79D234673478", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a2:*:*:*:*:*:*", "matchCriteriaId": "36045DDB-48C6-48CA-AAAF-A3487EF7A537", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:b1:*:*:*:*:*:*", "matchCriteriaId": "ECA81B95-97B7-4A56-A448-6E5DB6FA5F76", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE3EE047-6A23-4BFF-9576-9E4CA63BA153", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "D1707B3D-29F7-46C6-8A0A-D776E062FD4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*", "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "493B7D92-18A4-4221-AEDD-917404C47E6D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update." }, { "lang": "es", "value": "La funcionalidad de registro en el dhcpd de ISC DHCP anterior a v4.2.3-P2, cuando se utiliza DNS din\u00e1mico (DDNS) y direcciones IPv6, no maneja correctamente la estructura de arrendamiento (lease structure) DHCPv6, permitiendo a atacantes remotos provocar una denegaci\u00f3n de servicio (puntero a NULL y el ca\u00edda del servicio) mediante paquetes especialmente elaborados en relaci\u00f3n con una actualizaci\u00f3n lease-status." 
} ], "id": "CVE-2011-4868", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-01-15T03:55:12.953", "references": [ { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "cve@mitre.org", "url": "https://deepthought.isc.org/article/AA-00595" }, { "source": "cve@mitre.org", "url": "https://kb.isc.org/article/AA-00705" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://deepthought.isc.org/article/AA-00595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.isc.org/article/AA-00705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-07 05:15
Modified
2024-11-21 07:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In ISC DHCP 1.0 -> 4.4.3 and ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, a system with access to a DHCP server can send DHCP packets crafted to include fqdn labels longer than 63 bytes, which could eventually cause the server to run out of memory.
References
Source | URL | Tags | |
---|---|---|---|
security-officer@isc.org | https://kb.isc.org/docs/cve-2022-2929 | Vendor Advisory | |
security-officer@isc.org | https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html | Mailing List, Third Party Advisory | |
security-officer@isc.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/ | ||
security-officer@isc.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/ | ||
security-officer@isc.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/ | ||
security-officer@isc.org | https://security.gentoo.org/glsa/202305-22 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/docs/cve-2022-2929 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-22 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | * | |
isc | dhcp | * | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "29B372FC-4ADF-480F-82EA-677BA9CE80F9", "versionEndExcluding": "4.1-esv", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3828370A-E2C3-40C6-A4D4-A0E4FE932AD0", "versionEndIncluding": "4.4.3", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", "matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*", "matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*", "matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*", "matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*", "matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", "matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", "matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", "matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*", "matchCriteriaId": 
"9E01D88D-876D-45FE-B7ED-089DAD801EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*", "matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", "matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*", "matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", "matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*", "matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*", "matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*", "matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*", "matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*", "matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*", "matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*", "matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*", "matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*", 
"matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*", "matchCriteriaId": "3BC02748-557A-4131-A372-D99B62B4B93B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*", "matchCriteriaId": "76A11284-3D81-45F0-8055-17282945C14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*", "matchCriteriaId": "98431CF5-D4C2-4FCF-BA81-0BBB631546D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16-p1:*:*:*:*:*:*", "matchCriteriaId": "FEA9F857-B59F-4D2D-8F7B-0D1BF08E9712", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory." 
}, { "lang": "es", "value": "En ISC DHCP versiones 1.0 anteriores a 4.4.3, ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16-P1, un sistema con acceso a un servidor DHCP, enviando paquetes DHCP dise\u00f1ados para incluir etiquetas fqdn de m\u00e1s de 63 bytes, podr\u00eda llegar a causar a el servidor quedarse sin memoria" } ], "id": "CVE-2022-2929", "lastModified": "2024-11-21T07:01:56.337", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2022-10-07T05:15:11.320", "references": [ { "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/cve-2022-2929" }, { "source": "security-officer@isc.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "source": "security-officer@isc.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "source": "security-officer@isc.org", "url": "https://security.gentoo.org/glsa/202305-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/cve-2022-2929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-22" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-25 10:42
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2012-1141.html | Third Party Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2012/dsa-2516 | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2012/dsa-2519 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/54665 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id?1027300 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-1519-1 | Third Party Advisory | |
cve@mitre.org | https://kb.isc.org/article/AA-00737 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1141.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2516 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2519 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54665 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027300 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1519-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/article/AA-00737 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
debian | debian_linux | 6.0 | |
debian | debian_linux | 7.0 | |
canonical | ubuntu_linux | 11.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a1:*:*:*:*:*:*", "matchCriteriaId": "40C764F4-8FAD-477E-92E5-79D234673478", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a2:*:*:*:*:*:*", "matchCriteriaId": "36045DDB-48C6-48CA-AAAF-A3487EF7A537", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:b1:*:*:*:*:*:*", "matchCriteriaId": "ECA81B95-97B7-4A56-A448-6E5DB6FA5F76", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*", "matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*", "matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*", "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:b1:*:*:*:*:*:*", "matchCriteriaId": "9B63D409-60F5-4AB9-A576-8672D42E071E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*", "matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9A1C3F3E-CFB2-40F2-89F4-735AAE042F65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": 
"150D46FA-873E-4E4F-8192-BCA1076994D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*", "matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*", "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*", "matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*", "matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*", "matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "65689412-A35D-40B9-8671-DE8FF63C3DCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*", "matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*", "matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*", "matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*", "matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*", "matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*", "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests." }, { "lang": "es", "value": "M\u00faltiples fugas de memoria en ISC DHCP 4.1.x y 4.2.x anterior a 4.2.4-P1 y 4.1-ESV anterior a 4.1-ESV-R6, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante el env\u00edo de multitud de peticiones." 
} ], "id": "CVE-2012-3954", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-25T10:42:35.913", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2516" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/54665" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1027300" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.ubuntu.com/usn/USN-1519-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00737" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/54665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1027300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1519-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00737" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd (CVE-2015-8605)
Published
2016-01-14 22:59
Modified
2025-04-12 10:46
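Severity: MEDIUM (CVSS v3.0 base score 6.5, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; CVSS v2 base score 5.7, AV:A/AC:M/Au:N/C:N/I:N/A:C)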
Summary
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2016/dsa-3442 | Third Party Advisory | |
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/80703 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1034657 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-2868-1 | Third Party Advisory | |
cve@mitre.org | https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ | Third Party Advisory | |
cve@mitre.org | https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ | Third Party Advisory | |
cve@mitre.org | https://kb.isc.org/article/AA-01334 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3442 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/80703 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034657 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2868-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/article/AA-01334 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sophos | unified_threat_management_up2date | * | |
sophos | unified_threat_management_up2date | * | |
isc | dhcp | 4.0.0 | |
isc | dhcp | 4.0.1 | |
isc | dhcp | 4.0.2 | |
isc | dhcp | 4.0.2 | |
isc | dhcp | 4.0.3 | |
isc | dhcp | 4.0.3 | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.5 | |
isc | dhcp | 4.2.5 | |
isc | dhcp | 4.2.5 | |
isc | dhcp | 4.2.5 | |
isc | dhcp | 4.2.6 | |
isc | dhcp | 4.2.6 | |
isc | dhcp | 4.2.6 | |
isc | dhcp | 4.2.7 | |
isc | dhcp | 4.2.7 | |
isc | dhcp | 4.2.7 | |
isc | dhcp | 4.2.8 | |
isc | dhcp | 4.2.8 | |
isc | dhcp | 4.2.8 | |
isc | dhcp | 4.2.8 | |
isc | dhcp | 4.3.0 | |
isc | dhcp | 4.3.0 | |
isc | dhcp | 4.3.0 | |
isc | dhcp | 4.3.0 | |
isc | dhcp | 4.3.1 | |
isc | dhcp | 4.3.1 | |
isc | dhcp | 4.3.1 | |
isc | dhcp | 4.3.2 | |
isc | dhcp | 4.3.2 | |
isc | dhcp | 4.3.2 | |
isc | dhcp | 4.3.2 | |
isc | dhcp | 4.3.3 | |
isc | dhcp | 4.3.3 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.04 | |
canonical | ubuntu_linux | 15.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sophos:unified_threat_management_up2date:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B2A62A0-5181-4919-A689-27634634FE67", "versionEndIncluding": "9.318", "vulnerable": true }, { "criteria": "cpe:2.3:a:sophos:unified_threat_management_up2date:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9E22C98-BA1F-4B29-AD13-3C932759E0AC", "versionEndIncluding": "9.353", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CBC3A7C-1025-4DF6-8250-44C38CB52444", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:p1:*:*:*:*:*:*", "matchCriteriaId": "81CE9ABB-6FAD-4830-BA4B-ABBF39051CC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", "matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", "matchCriteriaId": 
"40B21FCB-43A8-4266-934D-ECFF8138F637", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", "matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", "matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", "matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", "matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*", "matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*", "matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*", "matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*", "matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*", "matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*", "matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*", "matchCriteriaId": 
"69F6E619-A52B-4A60-8247-41ADD0E7D655", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*", "matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*", "matchCriteriaId": "20040BB3-F157-4505-BB60-0D919A7D1436", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*", "matchCriteriaId": "974A8587-8351-490A-82D9-B541862CA4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*", "matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*", "matchCriteriaId": "EE991D0E-2E2D-4844-9BBD-235D8BC5FB7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*", "matchCriteriaId": "975EF88C-988F-40A6-B7D1-D27439144CC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:p1:*:*:*:*:*:*", "matchCriteriaId": "F92474BB-7CC0-47EE-A608-190F70AAFE41", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:b1:*:*:*:*:*:*", "matchCriteriaId": "9B63D409-60F5-4AB9-A576-8672D42E071E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*", "matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9A1C3F3E-CFB2-40F2-89F4-735AAE042F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p2:*:*:*:*:*:*", "matchCriteriaId": "6CE0BBF8-7FB8-44DD-8C6B-30A657BA9EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:p1:*:*:*:*:*:*", "matchCriteriaId": "B3AF9E2C-E0BC-427C-9F13-BCB15916F5B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*", "matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*", "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*", "matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*", "matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*", "matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:-:*:*:*:*:*:*", "matchCriteriaId": "4A290541-BF9E-4E18-A941-0ACC40509A79", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:b1:*:*:*:*:*:*", "matchCriteriaId": "F13E1B0F-5731-4949-9D35-497D1D49882C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.2.4:p1:*:*:*:*:*:*", "matchCriteriaId": "E85A27A0-A83B-4BBF-A3B8-5219F2053902", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:p2:*:*:*:*:*:*", "matchCriteriaId": "50D601E4-C5EF-4A6E-9EF8-FB9E24D5C6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADDDFFB6-046E-407E-9B2E-D4BC18D416CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "042495FE-3E6A-4602-8E5A-8F4BBD9E3245", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.5:-:*:*:*:*:*:*", "matchCriteriaId": "331D2BBF-858F-49E8-AD2A-01668848F5D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.5:b1:*:*:*:*:*:*", "matchCriteriaId": "5EDCDDC5-6A8F-490B-BFB9-094259A7AF9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.5:p1:*:*:*:*:*:*", "matchCriteriaId": "5368A7D2-4709-4302-8EB9-D1A16449E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A368842A-E2A8-4689-A6CA-2349AAF55EC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.6:-:*:*:*:*:*:*", "matchCriteriaId": "3DC8FB80-A6CA-46C7-B5CE-FD6B0BD4CF4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.6:b1:*:*:*:*:*:*", "matchCriteriaId": "9C602DE3-F326-4810-81D9-21CED82D400A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA0D6DF6-039F-44FA-9B6B-6ED0A0D898A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACBB8D6D-6523-47BF-8BA2-3AA58A93091D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.7:b1:*:*:*:*:*:*", "matchCriteriaId": "DCB3FA8B-597A-4E27-8CC6-D1B164C6A99F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "2A331218-0BD5-4084-B1B7-A002A7FCDADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"B9253A7A-2980-4910-99D0-CFA8A5AF1C01", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.8:b1:*:*:*:*:*:*", "matchCriteriaId": "7F7B441D-4E20-41B7-8B21-39FCC5E80976", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "422B12D1-8395-47F1-8A4F-AA964C1AA9E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "1CC2583E-F9E7-4FB1-B59C-070458E4C228", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3BB3F688-0DCC-4E19-87C8-1511BBA27A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.0:a1:*:*:*:*:*:*", "matchCriteriaId": "90FE2884-4468-4D56-9929-C799FA7BF119", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.0:b1:*:*:*:*:*:*", "matchCriteriaId": "B02C7E44-2F8B-40D7-B57A-5B78A6BD891F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "80DC9586-9846-4E61-82F4-F0FF1A61F89C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "735B3054-DAE3-4F4D-8804-0615A009E05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.1:b1:*:*:*:*:*:*", "matchCriteriaId": "43235DDF-B8E1-48F5-906F-F1100F29DEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "C279D9B3-A774-4D4F-A52B-22CE633ACDE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7F58E090-C22E-4907-9AA3-D9D36CF4CD26", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0241F629-A09E-4CC7-B6A5-48E041C2C390", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "570BB5C3-CA10-4440-917E-4E88BDDD5656", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "50C6B9BB-136F-4F79-A329-DE8F361EF00D", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:isc:dhcp:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9784E8F1-6CC4-4A36-8010-A09A52811DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.3:b1:*:*:*:*:*:*", "matchCriteriaId": "632B45FA-D76A-4EB6-A208-225B560845FA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet." 
}, { "lang": "es", "value": "ISC DHCP 4.x en versiones anteriores a 4.1-ESV-R12-P1, 4.2.x y 4.3.x en versiones anteriores a 4.3.3-P1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una longitud de campo no v\u00e1lida en un paquete UDP IPv4." } ], "id": "CVE-2015-8605", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 5.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-14T22:59:00.077", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3442" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/80703" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034657" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2868-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-01334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/80703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2868-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-01334" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-09 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-2590.html | Third Party Advisory | |
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/84208 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1035196 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://kb.isc.org/article/AA-01354 | Vendor Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3586-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-2590.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/84208 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035196 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/article/AA-01354 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3586-1/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.2.5 | |
isc | dhcp | 4.2.5 | |
isc | dhcp | 4.2.5 | |
isc | dhcp | 4.2.5 | |
isc | dhcp | 4.2.6 | |
isc | dhcp | 4.2.6 | |
isc | dhcp | 4.2.6 | |
isc | dhcp | 4.2.7 | |
isc | dhcp | 4.2.7 | |
isc | dhcp | 4.2.7 | |
isc | dhcp | 4.2.8 | |
isc | dhcp | 4.2.8 | |
isc | dhcp | 4.2.8 | |
isc | dhcp | 4.2.8 | |
isc | dhcp | 4.3.0 | |
isc | dhcp | 4.3.0 | |
isc | dhcp | 4.3.0 | |
isc | dhcp | 4.3.0 | |
isc | dhcp | 4.3.1 | |
isc | dhcp | 4.3.1 | |
isc | dhcp | 4.3.1 | |
isc | dhcp | 4.3.2 | |
isc | dhcp | 4.3.2 | |
isc | dhcp | 4.3.2 | |
isc | dhcp | 4.3.2 | |
isc | dhcp | 4.3.3 | |
isc | dhcp | 4.3.3 | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", "matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", "matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", "matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", "matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", "matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", "matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*", "matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*", "matchCriteriaId": 
"E84D5E5B-0336-4166-AAAC-49375E3AF971", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*", "matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*", "matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*", "matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*", "matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*", "matchCriteriaId": "69F6E619-A52B-4A60-8247-41ADD0E7D655", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*", "matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*", "matchCriteriaId": "20040BB3-F157-4505-BB60-0D919A7D1436", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*", "matchCriteriaId": "974A8587-8351-490A-82D9-B541862CA4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*", "matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*", "matchCriteriaId": "EE991D0E-2E2D-4844-9BBD-235D8BC5FB7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*", "matchCriteriaId": "975EF88C-988F-40A6-B7D1-D27439144CC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*", "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a1:*:*:*:*:*:*", "matchCriteriaId": 
"40C764F4-8FAD-477E-92E5-79D234673478", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a2:*:*:*:*:*:*", "matchCriteriaId": "36045DDB-48C6-48CA-AAAF-A3487EF7A537", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:b1:*:*:*:*:*:*", "matchCriteriaId": "ECA81B95-97B7-4A56-A448-6E5DB6FA5F76", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*", "matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*", "matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*", "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:p1:*:*:*:*:*:*", "matchCriteriaId": "F92474BB-7CC0-47EE-A608-190F70AAFE41", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:b1:*:*:*:*:*:*", "matchCriteriaId": "9B63D409-60F5-4AB9-A576-8672D42E071E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*", "matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9A1C3F3E-CFB2-40F2-89F4-735AAE042F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p2:*:*:*:*:*:*", "matchCriteriaId": "6CE0BBF8-7FB8-44DD-8C6B-30A657BA9EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:p1:*:*:*:*:*:*", "matchCriteriaId": "B3AF9E2C-E0BC-427C-9F13-BCB15916F5B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*", "matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*", "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*", "matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*", 
"matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*", "matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:-:*:*:*:*:*:*", "matchCriteriaId": "4A290541-BF9E-4E18-A941-0ACC40509A79", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:b1:*:*:*:*:*:*", "matchCriteriaId": "F13E1B0F-5731-4949-9D35-497D1D49882C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:p1:*:*:*:*:*:*", "matchCriteriaId": "E85A27A0-A83B-4BBF-A3B8-5219F2053902", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:p2:*:*:*:*:*:*", "matchCriteriaId": "50D601E4-C5EF-4A6E-9EF8-FB9E24D5C6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADDDFFB6-046E-407E-9B2E-D4BC18D416CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "042495FE-3E6A-4602-8E5A-8F4BBD9E3245", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.5:-:*:*:*:*:*:*", "matchCriteriaId": "331D2BBF-858F-49E8-AD2A-01668848F5D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.5:b1:*:*:*:*:*:*", "matchCriteriaId": "5EDCDDC5-6A8F-490B-BFB9-094259A7AF9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.5:p1:*:*:*:*:*:*", "matchCriteriaId": "5368A7D2-4709-4302-8EB9-D1A16449E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A368842A-E2A8-4689-A6CA-2349AAF55EC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.6:-:*:*:*:*:*:*", "matchCriteriaId": "3DC8FB80-A6CA-46C7-B5CE-FD6B0BD4CF4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.6:b1:*:*:*:*:*:*", "matchCriteriaId": "9C602DE3-F326-4810-81D9-21CED82D400A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA0D6DF6-039F-44FA-9B6B-6ED0A0D898A8", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.7:-:*:*:*:*:*:*", "matchCriteriaId": "01318107-989F-4800-9E30-F89424836D2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.7:b1:*:*:*:*:*:*", "matchCriteriaId": "DCB3FA8B-597A-4E27-8CC6-D1B164C6A99F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "2A331218-0BD5-4084-B1B7-A002A7FCDADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.8:-:*:*:*:*:*:*", "matchCriteriaId": "CD8082FC-3004-4A18-AA49-67FB49E33E78", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.8:b1:*:*:*:*:*:*", "matchCriteriaId": "7F7B441D-4E20-41B7-8B21-39FCC5E80976", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "422B12D1-8395-47F1-8A4F-AA964C1AA9E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "1CC2583E-F9E7-4FB1-B59C-070458E4C228", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "368D2368-FC25-419A-B309-400D790DF54F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.0:a1:*:*:*:*:*:*", "matchCriteriaId": "90FE2884-4468-4D56-9929-C799FA7BF119", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.0:b1:*:*:*:*:*:*", "matchCriteriaId": "B02C7E44-2F8B-40D7-B57A-5B78A6BD891F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "80DC9586-9846-4E61-82F4-F0FF1A61F89C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.1:-:*:*:*:*:*:*", "matchCriteriaId": "745B6602-696B-4ED8-9D62-D236DA5159AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.1:b1:*:*:*:*:*:*", "matchCriteriaId": "43235DDF-B8E1-48F5-906F-F1100F29DEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "C279D9B3-A774-4D4F-A52B-22CE633ACDE3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.3.2:-:*:*:*:*:*:*", "matchCriteriaId": "EC991ABB-E23E-46E4-9D8A-3E351ADE282A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0241F629-A09E-4CC7-B6A5-48E041C2C390", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "570BB5C3-CA10-4440-917E-4E88BDDD5656", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "50C6B9BB-136F-4F79-A329-DE8F361EF00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.3:-:*:*:*:*:*:*", "matchCriteriaId": "7AED2A3E-E969-4AC0-8928-9E53A07078BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.3.3:b1:*:*:*:*:*:*", "matchCriteriaId": "632B45FA-D76A-4EB6-A208-225B560845FA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions." 
}, { "lang": "es", "value": "ISC DHCP 4.1.x en versiones anteriores a 4.1-ESV-R13 y 4.2.x y 4.3.x en versiones anteriores a 4.3.4 no restringe el n\u00famero de sesiones TCP concurrentes, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n INSIST o interrupci\u00f3n de procesamiento de petici\u00f3n) estableciendo muchas sesiones." } ], "id": "CVE-2016-2774", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-09T15:59:00.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/84208" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1035196" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-01354" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/84208" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1035196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-01354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3586-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-26 22:15
Modified
2024-11-21 05:54
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (other branches of ISC DHCP, i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series, are beyond their End-of-Life (EOL) and no longer supported by ISC; from inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies according to: (1) the component being affected (i.e., dhclient or dhcpd); (2) whether the package was built as a 32-bit or 64-bit binary; (3) whether the compiler flag -fstack-protection-strong [sic; GCC and Clang spell this option -fstack-protector-strong] was used when compiling. In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: (a) if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients; additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. (b) If the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
References
▶ | URL | Tags | |
---|---|---|---|
security-officer@isc.org | http://www.openwall.com/lists/oss-security/2021/05/26/6 | Mailing List, Patch, Third Party Advisory | |
security-officer@isc.org | https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf | Patch, Third Party Advisory | |
security-officer@isc.org | https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf | Patch, Third Party Advisory | |
security-officer@isc.org | https://kb.isc.org/docs/cve-2021-25217 | Exploit, Vendor Advisory | |
security-officer@isc.org | https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html | Mailing List, Third Party Advisory | |
security-officer@isc.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/ | ||
security-officer@isc.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/ | ||
security-officer@isc.org | https://security.gentoo.org/glsa/202305-22 | ||
security-officer@isc.org | https://security.netapp.com/advisory/ntap-20220325-0011/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/26/6 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/docs/cve-2021-25217 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-22 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220325-0011/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | * | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
debian | debian_linux | 9.0 | |
siemens | ruggedcom_rox_rx1400_firmware | * | |
siemens | ruggedcom_rox_rx1400 | - | |
siemens | ruggedcom_rox_rx1500_firmware | * | |
siemens | ruggedcom_rox_rx1500 | - | |
siemens | ruggedcom_rox_rx1501_firmware | * | |
siemens | ruggedcom_rox_rx1501 | - | |
siemens | ruggedcom_rox_rx1510_firmware | * | |
siemens | ruggedcom_rox_rx1510 | - | |
siemens | ruggedcom_rox_rx1511_firmware | * | |
siemens | ruggedcom_rox_rx1511 | - | |
siemens | ruggedcom_rox_rx1512_firmware | * | |
siemens | ruggedcom_rox_rx1512 | - | |
siemens | ruggedcom_rox_rx1524_firmware | * | |
siemens | ruggedcom_rox_rx1524 | - | |
siemens | ruggedcom_rox_rx1536_firmware | * | |
siemens | ruggedcom_rox_rx1536 | - | |
siemens | ruggedcom_rox_rx5000_firmware | * | |
siemens | ruggedcom_rox_rx5000 | - | |
siemens | ruggedcom_rox_mx5000_firmware | * | |
siemens | ruggedcom_rox_mx5000 | - | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | solidfire_\&_hci_management_node | - | |
siemens | sinec_ins | * | |
siemens | sinec_ins | 1.0 | |
siemens | sinec_ins | 1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "106A3E98-3D4B-47F7-80AD-49A47A7B20D6", "versionEndIncluding": "4.4.2", "versionStartIncluding": "4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", "matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*", "matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*", "matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*", "matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*", "matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", "matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", "matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", "matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*", "matchCriteriaId": "9E01D88D-876D-45FE-B7ED-089DAD801EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*", "matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", "matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*", "matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", "matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*", "matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*", "matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*", "matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*", "matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*", "matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*", "matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*", "matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*", "matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*", "matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*", "matchCriteriaId": "3BC02748-557A-4131-A372-D99B62B4B93B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*", "matchCriteriaId": "76A11284-3D81-45F0-8055-17282945C14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*", "matchCriteriaId": "98431CF5-D4C2-4FCF-BA81-0BBB631546D2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC90F7B5-81FB-43C5-8658-78589F26A4B2", "versionEndExcluding": "2.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "14720DF0-EBA3-4173-9472-163EBC688586", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D09DE9BF-E5F5-40E8-BD31-8090A7A6FACA", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5A05BE2-7F53-49B7-9831-44E97E9ABA4B", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9290F77E-4E1C-4B01-8C6E-4AEFB37C373A", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD195547-C770-4696-BB58-C0EC5FA38C29", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", 
"vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B0D2FC6-C24B-4AF8-813F-4432728A2021", "versionEndExcluding": "2.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E06BA0F-8D2A-48AF-B012-07F181F83828", "versionEndExcluding": "2.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "28795B18-748A-46AF-B600-5CC7A7A95068", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2788BC61-D5EB-4E44-A896-0A416CC6D51E", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5", "versionEndExcluding": "1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. 
However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: (1) if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protector-strong flag (spelled -fstack-protection-strong elsewhere in this record) was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. (2) If the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protector-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted." }, { "lang": "es", "value": "En ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16, ISC DHCP versiones 4.4.0 anteriores a 4.4.2 (Otras ramas de ISC DHCP (es decir, versiones de la serie 4.0.x o inferiores y versiones de la serie 4.3.x) est\u00e1n m\u00e1s all\u00e1 de su End-of-Life (EOL) y ya no son soportadas por ISC. El resultado de encontrar el fallo mientras se lee un contrato de arrendamiento que lo desencadena var\u00eda, seg\u00fan: el componente afectado (es decir, dhclient o dhcpd) si el paquete se construy\u00f3 como un binario de 32 o 64 bits si fue usado el flag del compilador -fstack-protection-strong al compilar En dhclient, ISC no ha reproducido con \u00e9xito el error en un sistema de 64 bits. Sin embargo, en un sistema de 32 bits es posible causar a dhclient bloquearse cuando leen un contrato de arrendamiento inapropiado, lo que podr\u00eda causar problemas de conectividad de red para un sistema afectado debido a la ausencia de un proceso de cliente DHCP en ejecuci\u00f3n. 
En dhcpd, cuando se ejecuta en modo DHCPv4 o DHCPv6: si el binario del servidor dhcpd fue construido para una arquitectura de 32 bits Y se especific\u00f3 el flag -fstack-protection-strong al compilador, dhcpd puede salir mientras analiza un archivo de arrendamiento que contiene un arrendamiento objetable, resultando en la falta de servicio a los clientes. Si el binario del servidor dhcpd fue construido para una arquitectura de 64 bits O si la flag -fstack-protection-strong del compilador NO fue especificado, el bloqueo no ocurrir\u00e1, pero es posible que el contrato de arrendamiento ofensivo y el que le sigue sean borrados inapropiadamente" } ], "id": "CVE-2021-25217", "lastModified": "2024-11-21T05:54:34.013", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-officer@isc.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", 
"integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2021-05-26T22:15:07.947", "references": [ { "source": "security-officer@isc.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6" }, { "source": "security-officer@isc.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf" }, { "source": "security-officer@isc.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "source": "security-officer@isc.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://kb.isc.org/docs/cve-2021-25217" }, { "source": "security-officer@isc.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html" }, { "source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/" }, { "source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/" }, { "source": "security-officer@isc.org", "url": "https://security.gentoo.org/glsa/202305-22" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220325-0011/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://kb.isc.org/docs/cve-2021-25217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220325-0011/" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-12-17 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
References
▶ | URL | Tags | |
---|---|---|---|
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html | ||
cret@cert.org | http://secunia.com/advisories/42618 | Vendor Advisory | |
cret@cert.org | http://secunia.com/advisories/42682 | ||
cret@cert.org | http://www.kb.cert.org/vuls/id/159528 | US Government Resource | |
cret@cert.org | http://www.mandriva.com/security/advisories?name=MDVSA-2011:001 | ||
cret@cert.org | http://www.securityfocus.com/bid/45360 | ||
cret@cert.org | http://www.securitytracker.com/id?1024862 | ||
cret@cert.org | http://www.vupen.com/english/advisories/2010/3208 | Vendor Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2011/0052 | ||
cret@cert.org | https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html | ||
cret@cert.org | https://www.isc.org/software/dhcp/advisories/cve-2010-3616 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42618 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42682 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/159528 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:001 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45360 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024862 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3208 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0052 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.isc.org/software/dhcp/advisories/cve-2010-3616 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520." }, { "lang": "es", "value": "ISC DHCP Server v4.2 anteriore a v4.2.0-P2, cuando est\u00e1 configurado para utilizar las asociaciones de redundancia, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (estado de las comunicaciones interrumpidas y la p\u00e9rdida de servicio de cliente DHCP) mediante la conexi\u00f3n a un puerto que s\u00f3lo se dise\u00f1\u00f3 como par de redundancia, como lo demuestra un proceso de chequeo check_tcp al puerto TCP 520.\r\n" } ], "id": "CVE-2010-3616", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-17T19:00:20.137", "references": [ { "source": "cret@cert.org", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42618" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/42682" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/159528" }, { "source": "cret@cert.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:001" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/45360" }, { "source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1024862" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3208" }, { "source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2011/0052" }, { "source": "cret@cert.org", "url": "https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/159528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1024862" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-25 10:42
Modified
2025-04-11 00:51
Severity ?
Summary
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2012-1140.html | Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2012-1141.html | Third Party Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2012/dsa-2516 | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2012/dsa-2519 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 | Third Party Advisory | |
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/54665 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-1519-1 | Third Party Advisory | |
cve@mitre.org | https://kb.isc.org/article/AA-00712 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1140.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1141.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2516 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2519 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54665 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1519-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/article/AA-00712 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.2 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.3 | |
isc | dhcp | 4.2.4 | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
canonical | ubuntu_linux | 11.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
debian | debian_linux | 6.0 | |
debian | debian_linux | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DE50853A-BAE7-499B-A3D7-468A08A07BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*", "matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*", "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*", "matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*", "matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*", "matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "65689412-A35D-40B9-8671-DE8FF63C3DCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*", "matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*", "matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*", "matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*", "matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*", "matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F", 
"vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier." 
}, { "lang": "es", "value": "ISC DHCP v4.1.2 a v4.2.4 y v4.1-ESV antes de v4.1-ESV-R6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y excesivo consumo de CPU) a trav\u00e9s de un identificador de cliente con formato incorrecto.\r\n" } ], "id": "CVE-2012-3571", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-25T10:42:35.757", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2516" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/54665" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1519-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/54665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1519-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00712" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-14 10:33
Modified
2025-04-11 00:51
Severity ?
Summary
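ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. The CPE configuration listed for this record enumerates only 4.1.x and 4.1-ESV entries for ISC DHCP, so CPE-based matching alone would not flag the 4.2.x releases named in this description.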
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2013-0504.html | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/51318 | Third Party Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2012/dsa-2551 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:153 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/55530 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id?1027528 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-1571-1 | Third Party Advisory | |
cve@mitre.org | https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of | Third Party Advisory | |
cve@mitre.org | https://kb.isc.org/article/AA-00779 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-0504.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/51318 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2551 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:153 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/55530 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027528 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1571-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/article/AA-00779 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.1.2 | |
debian | debian_linux | 6.0 | |
debian | debian_linux | 7.0 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*", "matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*", "matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*", "matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*", "matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*", "matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*", "matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*", "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a1:*:*:*:*:*:*", "matchCriteriaId": "40C764F4-8FAD-477E-92E5-79D234673478", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a2:*:*:*:*:*:*", "matchCriteriaId": "36045DDB-48C6-48CA-AAAF-A3487EF7A537", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:b1:*:*:*:*:*:*", "matchCriteriaId": "ECA81B95-97B7-4A56-A448-6E5DB6FA5F76", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*", "matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*", "matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*", "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:b1:*:*:*:*:*:*", "matchCriteriaId": "9B63D409-60F5-4AB9-A576-8672D42E071E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*", "matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9A1C3F3E-CFB2-40F2-89F4-735AAE042F65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced." }, { "lang": "es", "value": "ISC DHCP v4.1-4.1.x antes de v4.1-ESV-R7 y v4.2.x antes de v4.2.4-P2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) en determinadas circunstancias mediante el establecimiento de un \u0027lease\u0027 IPv6 en un entorno donde la expiraci\u00f3n del leasing es posteriormente reducida.\r\n" } ], "id": "CVE-2012-3955", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": 
"2012-09-14T10:33:21.307", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51318" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2551" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/55530" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1027528" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.ubuntu.com/usn/USN-1571-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2551" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/55530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1027528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1571-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/article/AA-00779" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-07 05:15
Modified
2024-11-21 07:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In ISC DHCP 4.4.0 through 4.4.3 and ISC DHCP 4.1-ESV-R1 through 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is no corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually the reference counters could overflow and cause the server to abort. The CVE record for this issue describes the affected case as a server configured with allow leasequery;.
References
Source | URL | Tags | |
---|---|---|---|
security-officer@isc.org | https://kb.isc.org/docs/cve-2022-2928 | Vendor Advisory | |
security-officer@isc.org | https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html | Mailing List, Third Party Advisory | |
security-officer@isc.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/ | ||
security-officer@isc.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/ | ||
security-officer@isc.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/ | ||
security-officer@isc.org | https://security.gentoo.org/glsa/202305-22 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/docs/cve-2022-2928 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-22 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | * | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "82DF9AAC-429A-43EB-83EF-0FEFBB95BF26", "versionEndIncluding": "4.4.3", "versionStartIncluding": "4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", "matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*", "matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*", "matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*", "matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*", "matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", "matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", "matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", "matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*", "matchCriteriaId": "9E01D88D-876D-45FE-B7ED-089DAD801EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*", "matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", "matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*", "matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", "matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*", "matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*", "matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*", "matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*", "matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*", "matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*", "matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*", "matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*", "matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*", "matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*", "matchCriteriaId": "3BC02748-557A-4131-A372-D99B62B4B93B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*", "matchCriteriaId": "76A11284-3D81-45F0-8055-17282945C14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*", "matchCriteriaId": "98431CF5-D4C2-4FCF-BA81-0BBB631546D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16-p1:*:*:*:*:*:*", "matchCriteriaId": "FEA9F857-B59F-4D2D-8F7B-0D1BF08E9712", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\u0027s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort." 
}, { "lang": "es", "value": "En ISC DHCP versiones 4.4.0 anteriores a 4.4.3, ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16-P1, cuando la funci\u00f3n option_code_hash_lookup() es llamada desde add_option(), incrementa el campo refcount de la opci\u00f3n. Sin embargo, no se presenta una llamada correspondiente a option_dereference() para disminuir el campo refcount. La funci\u00f3n add_option() s\u00f3lo es usada en las respuestas del servidor a paquetes de consulta de arrendamiento. Cada respuesta de consulta de arrendamiento llama a esta funci\u00f3n para varias opciones, por lo que eventualmente, los contadores de referencia podr\u00edan desbordarse y causar a el servidor abortar" } ], "id": "CVE-2022-2928", "lastModified": "2024-11-21T07:01:56.183", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2022-10-07T05:15:08.677", "references": [ { "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/cve-2022-2928" }, { "source": "security-officer@isc.org", "tags": [ "Mailing 
List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "source": "security-officer@isc.org", "url": "https://security.gentoo.org/glsa/202305-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/cve-2022-2928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-22" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-08-15 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://redmine.pfsense.org/issues/1888 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45582 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45595 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45629 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45639 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45817 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/45918 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/46780 | Third Party Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
cve@mitre.org | http://securitytracker.com/id?1025918 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.debian.org/security/2011/dsa-2292 | Third Party Advisory | |
cve@mitre.org | http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html | Vendor Advisory | |
cve@mitre.org | http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html | Vendor Advisory | |
cve@mitre.org | http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html | Vendor Advisory | |
cve@mitre.org | http://www.isc.org/software/dhcp/advisories/cve-2011-2748 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2011:128 | Third Party Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2011-1160.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/49120 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-1190-1 | Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=729382 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/69139 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://hermes.opensuse.org/messages/11695711 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://redmine.pfsense.org/issues/1888 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45582 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45595 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45629 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45639 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45817 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45918 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46780 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201301-06.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025918 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2292 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.isc.org/software/dhcp/advisories/cve-2011-2748 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:128 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-1160.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49120 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1190-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=729382 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/69139 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/11695711 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | 3.0 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.1 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.2 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.3 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.4 | |
isc | dhcp | 3.0.5 | |
isc | dhcp | 3.0.5 | |
isc | dhcp | 3.0.6 | |
isc | dhcp | 3.1 | |
isc | dhcp | 3.1-esv | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.0 | |
isc | dhcp | 3.1.1 | |
isc | dhcp | 3.1.1 | |
isc | dhcp | 3.1.1 | |
isc | dhcp | 3.1.2 | |
isc | dhcp | 3.1.2 | |
isc | dhcp | 3.1.2 | |
isc | dhcp | 3.1.3 | |
isc | dhcp | 3.1.3 | |
isc | dhcp | 3.1.3 | |
isc | dhcp | 4.0 | |
isc | dhcp | 4.0-esv | |
isc | dhcp | 4.0.0 | |
isc | dhcp | 4.0.1 | |
isc | dhcp | 4.0.1 | |
isc | dhcp | 4.0.1 | |
isc | dhcp | 4.0.2 | |
isc | dhcp | 4.0.2 | |
isc | dhcp | 4.0.2 | |
isc | dhcp | 4.0.2 | |
isc | dhcp | 4.0.2 | |
isc | dhcp | 4.0.3 | |
isc | dhcp | 4.0.3 | |
isc | dhcp | 4.0.3 | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1.0 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.1 | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.0 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
isc | dhcp | 4.2.1 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 | |
canonical | ubuntu_linux | 11.04 | |
debian | debian_linux | 5.0 | |
debian | debian_linux | 6.0 | |
debian | debian_linux | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*", "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*", "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*", "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*", "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*", "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*", "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*", "matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*", "matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*", "matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*", "matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*", "matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*", "matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*", "matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*", "matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*", 
"matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE9B9007-1F13-4991-B44C-47D8EB56FB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*", "matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*", "matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*", "matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*", "matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*", "matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*", "matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "432C01D0-A1F1-4D16-B9B4-D8AAA9D13226", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*", "matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*", "matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*", "matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0-esv:*:*:*:*:*:*:*", "matchCriteriaId": "427C13A1-C73C-4352-902C-2DA3B6C51BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "22F98A8C-2C14-40F2-9CA6-FDB909CAB4EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*", "matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*", "matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*", "matchCriteriaId": "53F71472-2EC8-441A-B27A-201BEE567717", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*", "matchCriteriaId": "3B3EFEAF-F562-488B-9EF4-1467CEF719AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*", "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*", "matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*", 
"matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*", "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DE50853A-BAE7-499B-A3D7-468A08A07BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet." }, { "lang": "es", "value": "El servidor en ISC DHCP v3.x y v4.x anterior a v4.2.2, v3.1-ESV anterior a v3.1-ESV-R3, y v4.1-ESV anterior a v4.1-ESV-R3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (salida de demonio) a trav\u00e9s de un paquete DHCP manipulado." 
} ], "id": "CVE-2011-2748", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-08-15T21:55:02.737", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://redmine.pfsense.org/issues/1888" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45582" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45595" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45629" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45639" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45817" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45918" }, { "source": "cve@mitre.org", "tags": 
[ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46780" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1025918" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2292" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/49120" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1190-1" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69139" }, { "source": 
"cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://hermes.opensuse.org/messages/11695711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://redmine.pfsense.org/issues/1888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45639" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/45918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://securitytracker.com/id?1025918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/49120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1190-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69139" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://hermes.opensuse.org/messages/11695711" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-11-04 18:00
Modified
2025-04-11 00:51
Summary
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html | ||
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html | ||
cret@cert.org | http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html | ||
cret@cert.org | http://osvdb.org/68999 | ||
cret@cert.org | http://secunia.com/advisories/42082 | Vendor Advisory | |
cret@cert.org | http://secunia.com/advisories/42345 | ||
cret@cert.org | http://secunia.com/advisories/42407 | ||
cret@cert.org | http://www.isc.org/software/dhcp/advisories/cve-2010-3611 | Vendor Advisory | |
cret@cert.org | http://www.kb.cert.org/vuls/id/102047 | US Government Resource | |
cret@cert.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:226 | ||
cret@cert.org | http://www.redhat.com/support/errata/RHSA-2010-0923.html | ||
cret@cert.org | http://www.securityfocus.com/bid/44615 | ||
cret@cert.org | http://www.vupen.com/english/advisories/2010/2879 | Patch, Vendor Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/3044 | ||
cret@cert.org | http://www.vupen.com/english/advisories/2010/3092 | ||
cret@cert.org | https://bugzilla.redhat.com/show_bug.cgi?id=649877 | ||
cret@cert.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/62965 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/68999 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42082 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42345 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42407 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.isc.org/software/dhcp/advisories/cve-2010-3611 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/102047 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:226 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0923.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/44615 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2879 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3044 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3092 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=649877 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/62965 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CBC3A7C-1025-4DF6-8250-44C38CB52444", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*", "matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "234EE34E-44F4-45F0-A19A-D369BA5043C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*", "matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*", "matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*", "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field." }, { "lang": "es", "value": "ISC DHCP server v4.0 anterior a v4.0.2, v4.1 anterior a v4.1.2, y v4.2 anterior a v4.2-P1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un paquete DHCPv6 contiendo un mensaje Relay-Forward sin una direcci\u00f3n en el campo de direcci\u00f3n de enlace Relay-Forward" } ], "id": "CVE-2010-3611", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-11-04T18:00:02.627", "references": [ { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html" }, { "source": "cret@cert.org", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html" }, { "source": "cret@cert.org", "url": "http://osvdb.org/68999" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42082" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/42345" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/42407" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/102047" }, { "source": "cret@cert.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226" }, { "source": "cret@cert.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/44615" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2879" }, { "source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2010/3044" }, { "source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2010/3092" }, { "source": "cret@cert.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877" }, { "source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/102047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/44615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:09
Summary
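Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 through 4.1-ESV-R15, 4.2.0 through 4.2.8, 4.3.0 through 4.3.6, and 4.4.0. Note: the CPE match data in this record gives 4.2.8 and 4.3.6 as exclusive upper bounds (versionEndExcluding), which disagrees with the ranges stated here; check the vendor advisory before treating those releases as unaffected.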
References
Source | URL | Tags | |
---|---|---|---|
security-officer@isc.org | https://kb.isc.org/docs/aa-01565 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/docs/aa-01565 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | * | |
isc | dhcp | * | |
isc | dhcp | * | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1.2 | |
isc | dhcp | 4.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A611E97-A264-4B4C-93CE-7FC01FE5F708", "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "257C8915-697E-4274-8BCB-43B690FA5C96", "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "341617C4-C370-44AD-9138-14EBB3A758F1", "versionEndExcluding": "4.3.6", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*", "matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*", "matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*", "matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*", "matchCriteriaId": "9E01D88D-876D-45FE-B7ED-089DAD801EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*", "matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", 
"matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*", "matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*", "matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*", "matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*", "matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*", "matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*", "matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*", "matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3b1:*:*:*:*:*:*", "matchCriteriaId": "C19C3B91-215D-4697-84D9-13CC18445C82", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*", "matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*", "matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5b1:*:*:*:*:*:*", "matchCriteriaId": "4EF0CF57-C49C-4801-B4E1-7D82C3F6E3A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5rc1:*:*:*:*:*:*", 
"matchCriteriaId": "8290ECB4-3B70-4126-BF10-68A5A863E297", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5rc2:*:*:*:*:*:*", "matchCriteriaId": "6D35C997-593E-4994-9501-2010D98459D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*", "matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*", "matchCriteriaId": "69F6E619-A52B-4A60-8247-41ADD0E7D655", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*", "matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8b1:*:*:*:*:*:*", "matchCriteriaId": "9421E40A-FF8D-426B-99A0-24DCD8D9B39D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8rc1:*:*:*:*:*:*", "matchCriteriaId": "81BB427C-AE69-4BFB-B956-F62373FA1EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*", "matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9b1:*:*:*:*:*:*", "matchCriteriaId": "7A08F801-2A32-492F-BAB4-8E32E9981CAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9rc1:*:*:*:*:*:*", "matchCriteriaId": "B2FDBA4F-CDE8-4767-8C41-328FF9ACB2EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*", "matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "13C8AD22-6E39-4899-88B2-7ED44BE890A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options 
section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" }, { "lang": "es", "value": "Un fallo al comprobar apropiadamente los l\u00edmites de un b\u00fafer usado para procesar las opciones de DHCP, permite a un servidor malicioso (o a una entidad que se hace pasar por un servidor) causar un desbordamiento del b\u00fafer (y el bloqueo resultante) en dhclient mediante el env\u00edo de una respuesta que contiene una secci\u00f3n de opciones especialmente construida. Afecta a ISC DHCP versiones 4.1.0 hasta 4.1-ESV-R15, 4.2.0 hasta 4.2.8, 4.3.0 hasta 4.3.6, y 4.4.0." } ], "id": "CVE-2018-5732", "lastModified": "2024-11-21T04:09:16.440", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-09T16:15:13.407", "references": [ { "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01565" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Summary
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
References
Source | URL | Tags | |
---|---|---|---|
security-officer@isc.org | http://www.securityfocus.com/bid/102726 | Third Party Advisory, VDB Entry | |
security-officer@isc.org | http://www.securitytracker.com/id/1040194 | Third Party Advisory, VDB Entry | |
security-officer@isc.org | https://access.redhat.com/errata/RHSA-2018:0158 | Third Party Advisory | |
security-officer@isc.org | https://kb.isc.org/docs/aa-01541 | Vendor Advisory | |
security-officer@isc.org | https://usn.ubuntu.com/3586-1/ | Third Party Advisory | |
security-officer@isc.org | https://www.debian.org/security/2018/dsa-4133 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102726 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040194 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:0158 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/docs/aa-01541 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3586-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4133 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | dhcp | * | |
isc | dhcp | * | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1-esv | |
isc | dhcp | 4.1.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.4 | |
redhat | enterprise_linux_server_aus | 7.6 | |
redhat | enterprise_linux_server_eus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.5 | |
redhat | enterprise_linux_server_eus | 7.6 | |
redhat | enterprise_linux_server_tus | 7.4 | |
redhat | enterprise_linux_server_tus | 7.6 | |
redhat | enterprise_linux_workstation | 7.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B88B6F8-3F13-4984-BBCF-F79BE911F15D", "versionEndIncluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADAC6E78-8F98-42C3-BE19-276826F84752", "versionEndIncluding": "4.3.6", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", "matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*", "matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*", "matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", "matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", "matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", "matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", "matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", "matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*", "matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*", "matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*", "matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*", "matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*", "matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*", "matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*", "matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*", "matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*", "matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*", "matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*", "matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*", "matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*", "matchCriteriaId": "69F6E619-A52B-4A60-8247-41ADD0E7D655", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*", "matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*", "matchCriteriaId": "20040BB3-F157-4505-BB60-0D919A7D1436", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*", "matchCriteriaId": "974A8587-8351-490A-82D9-B541862CA4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*", "matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*", "matchCriteriaId": "EE991D0E-2E2D-4844-9BBD-235D8BC5FB7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*", "matchCriteriaId": "975EF88C-988F-40A6-B7D1-D27439144CC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true 
}, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability stemming from 
failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." }, { "lang": "es", "value": "Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descriptores del socket disponibles para el servidor DHCP. Afecta a ISC DHCP desde la versi\u00f3n 4.1.0 hasta la 4.1-ESV-R15, desde la versi\u00f3n 4.2.0 hasta la 4.2.8 y desde la versi\u00f3n 4.3.0 hasta la 4.3.6. Las versiones anteriores podr\u00edan hacerse visto afectadas, pero han sobrepasado por mucho su fin de vida \u00fatil. Las versiones anteriores a la 4.1.0 no han sido probadas." } ], "id": "CVE-2017-3144", "lastModified": "2024-11-21T03:24:55.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": 
"security-officer@isc.org", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-16T20:29:00.627", "references": [ { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102726" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040194" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0158" }, { "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01541" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01541" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4133" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }