CVSS: 6.1EPSS: 7%CPEs: 33EXPL: 1CVE-2012-3571 – ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3571
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. ISC DHCP v4.1.2 a v4.2.4 y v4.1-ESV antes de v4.1-ESV-R6 permite a atacantes remotos causar una denegación de servicio (bucle infinito y excesivo consumo de CPU) a través de un identificador de cliente con formato incorrecto. • https://www.exploit-db.com/exploits/37538 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html http://rhn.redhat.com/errata/RHSA-2012-1140.html http://rhn.redhat.com/errata/RHSA-2012-1141.html http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.debian.org/security/2012/dsa-2516 http://www.debian.org/security/2012/dsa-2519 http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 3%CPEs: 46EXPL: 0CVE-2012-3954 – dhcp: two memory leaks may result in DoS
https://notcve.org/view.php?id=CVE-2012-3954
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. Múltiples fugas de memoria en ISC DHCP 4.1.x y 4.2.x anterior a 4.2.4-P1 y 4.1-ESV anterior a 4.1-ESV-R6, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante el envío de multitud de peticiones. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html http://rhn.redhat.com/errata/RHSA-2012-1141.html http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.debian.org/security/2012/dsa-2516 http://www.debian.org/security/2012/dsa-2519 http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 http://www.securityfocus.com/bid/54665 http://www.securitytracker.com/id?1027300 http://w • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.1EPSS: 0%CPEs: 102EXPL: 0CVE-2011-4868
https://notcve.org/view.php?id=CVE-2011-4868
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update. La funcionalidad de registro en el dhcpd de ISC DHCP anterior a v4.2.3-P2, cuando se utiliza DNS dinámico (DDNS) y direcciones IPv6, no maneja correctamente la estructura de arrendamiento (lease structure) DHCPv6, permitiendo a atacantes remotos provocar una denegación de servicio (puntero a NULL y el caída del servicio) mediante paquetes especialmente elaborados en relación con una actualización lease-status. • http://security.gentoo.org/glsa/glsa-201301-06.xml https://deepthought.isc.org/article/AA-00595 https://kb.isc.org/article/AA-00705 https://www.isc.org/software/dhcp/advisories/cve-2011-4868 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 2%CPEs: 39EXPL: 0CVE-2011-4539 – dhcp: DoS due to processing certain regular expressions
https://notcve.org/view.php?id=CVE-2011-4539
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet. dhcpd en ISC DHCP v4.x antes de v4.2.3-P1 y v4.1-ESV antes de v4.1-ESV-R4 no manipula correctamente expresiones regulares en dhcpd.conf, lo que permite a atacantes remotos provocar una denegación de servicio (caída del deminio) a través de un paquete de petición modificado. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html http://secunia.com/advisories/47153 http://secunia.com/advisories/47178 http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.debian.org/security/2012/dsa-2519 http://www.mandriva.com/security/advisories?name=MDVSA-2011:182 http://www.securityfocus.com/bi • CWE-20: Improper Input Validation •