CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2022-2929 – DHCP memory leak
https://notcve.org/view.php?id=CVE-2022-2929
06 Oct 2022 — In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. En ISC DHCP versiones 1.0 anteriores a 4.4.3, ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16-P1, un sistema con acceso a un servidor DHCP, enviando paquetes DHCP diseñados para incluir etiquetas fqdn de más de 63 bytes, podría llegar a causar a el servidor quedarse sin m... • https://kb.isc.org/docs/cve-2022-2929 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 34EXPL: 0CVE-2022-2928 – An option refcount overflow exists in dhcpd
https://notcve.org/view.php?id=CVE-2022-2928
06 Oct 2022 — In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abo... • https://kb.isc.org/docs/cve-2022-2928 • CWE-190: Integer Overflow or Wraparound CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 57EXPL: 1CVE-2021-25217 – A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient
https://notcve.org/view.php?id=CVE-2021-25217
26 May 2021 — In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component b... • http://www.openwall.com/lists/oss-security/2021/05/26/6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2018-5732 – A specially constructed response from a malicious server can cause a buffer overflow in dhclient
https://notcve.org/view.php?id=CVE-2018-5732
01 Mar 2018 — Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0 Un fallo al comprobar apropiadamente los límites de un búfer usado para procesar las opciones de DHCP, permite a un servidor malicioso (o a una entida... • https://kb.isc.org/docs/aa-01565 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 9%CPEs: 55EXPL: 0CVE-2018-5733 – A malicious client can overflow a reference counter in ISC dhcpd
https://notcve.org/view.php?id=CVE-2018-5733
01 Mar 2018 — A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Un cliente malicioso al que se le permite enviar grandes cantidades de tráfico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhc... • http://www.securityfocus.com/bid/103188 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 12%CPEs: 51EXPL: 0CVE-2017-3144 – Failure to properly clean up closed OMAPI connections can exhaust available sockets
https://notcve.org/view.php?id=CVE-2017-3144
25 Jan 2018 — A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descrip... • http://www.securityfocus.com/bid/102726 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.1EPSS: 20%CPEs: 95EXPL: 0CVE-2016-2774 – dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS
https://notcve.org/view.php?id=CVE-2016-2774
09 Mar 2016 — ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. ISC DHCP 4.1.x en versiones anteriores a 4.1-ESV-R13 y 4.2.x y 4.3.x en versiones anteriores a 4.3.4 no restringe el número de sesiones TCP concurrentes, lo que permite a atacantes remotos provocar una denegación de servicio (fallo de aserció... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 4%CPEs: 93EXPL: 0CVE-2015-8605 – Ubuntu Security Notice USN-2868-1
https://notcve.org/view.php?id=CVE-2015-8605
13 Jan 2016 — ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. ISC DHCP 4.x en versiones anteriores a 4.1-ESV-R12-P1, 4.2.x y 4.3.x en versiones anteriores a 4.3.3-P1 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una longitud de campo no válida en un paquete UDP IPv4. Sebastian Poehn discovered that the DHCP server, client, an... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2013-2494 – Gentoo Linux Security Advisory 201401-05
https://notcve.org/view.php?id=CVE-2013-2494
28 Mar 2013 — libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266. libdns en ISC DHCP v4.2.x antes de v4.2.5-P1 permite a los servidores de nombres remotos provocar una denegación de servicio (consumo de memoria) a través de vectores relacionados con una expresión regular, como lo demuestra un... • https://kb.isc.org/article/AA-00880 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 10%CPEs: 33EXPL: 1CVE-2012-3571 – ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3571
25 Jul 2012 — ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. ISC DHCP v4.1.2 a v4.2.4 y v4.1-ESV antes de v4.1-ESV-R6 permite a atacantes remotos causar una denegación de servicio (bucle infinito y excesivo consumo de CPU) a través de un identificador de cliente con formato incorrecto. • https://www.exploit-db.com/exploits/37538 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •