fkie_nvd - fkie_cve-2013-2494

fkie_cve-2013-2494

Vulnerability from fkie_nvd

Published

2013-03-28 16:55

Modified

2025-04-11 00:51

Severity ?

Summary

libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.

References

▶	URL	Tags
	cve@mitre.org	https://kb.isc.org/article/AA-00880/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://kb.isc.org/article/AA-00880/	Vendor Advisory

Impacted products

Vendor	Product	Version
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.1
isc	dhcp	4.2.1
isc	dhcp	4.2.1
isc	dhcp	4.2.2
isc	dhcp	4.2.2
isc	dhcp	4.2.2
isc	dhcp	4.2.3
isc	dhcp	4.2.3
isc	dhcp	4.2.3
isc	dhcp	4.2.4
isc	dhcp	4.2.4
isc	dhcp	4.2.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE3EE047-6A23-4BFF-9576-9E4CA63BA153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1707B3D-29F7-46C6-8A0A-D776E062FD4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "493B7D92-18A4-4221-AEDD-917404C47E6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65689412-A35D-40B9-8671-DE8FF63C3DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E85A27A0-A83B-4BBF-A3B8-5219F2053902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0383976E-DF90-4850-A1A3-D1965B50A511",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266."
    },
    {
      "lang": "es",
      "value": "libdns en ISC DHCP v4.2.x antes de v4.2.5-P1 permite a los servidores de nombres remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de vectores relacionados con una expresi\u00f3n regular, como lo demuestra un ataque memoria de agotamiento contra un equipo que ejecuta un proceso de dhcpd, un tema relacionado con CVE-2013-2266."
    }
  ],
  "id": "CVE-2013-2494",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-03-28T16:55:01.060",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-00880/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-00880/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-2494 (GCVE-0-2013-2494)

Vulnerability from cvelistv5

Published

2013-03-28 16:00

Modified

2024-09-16 19:52

Severity ?

CWE

Summary

References

►

URL

Tags

https://kb.isc.org/article/AA-00880/

x_refsource_CONFIRM