CVE-2012-3571 – ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3571
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. ISC DHCP v4.1.2 a v4.2.4 y v4.1-ESV antes de v4.1-ESV-R6 permite a atacantes remotos causar una denegación de servicio (bucle infinito y excesivo consumo de CPU) a través de un identificador de cliente con formato incorrecto. • https://www.exploit-db.com/exploits/37538 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html http://rhn.redhat.com/errata/RHSA-2012-1140.html http://rhn.redhat.com/errata/RHSA-2012-1141.html http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.debian.org/security/2012/dsa-2516 http://www.debian.org/security/2012/dsa-2519 http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-3954 – dhcp: two memory leaks may result in DoS
https://notcve.org/view.php?id=CVE-2012-3954
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. Múltiples fugas de memoria en ISC DHCP 4.1.x y 4.2.x anterior a 4.2.4-P1 y 4.1-ESV anterior a 4.1-ESV-R6, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante el envío de multitud de peticiones. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html http://rhn.redhat.com/errata/RHSA-2012-1141.html http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.debian.org/security/2012/dsa-2516 http://www.debian.org/security/2012/dsa-2519 http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 http://www.securityfocus.com/bid/54665 http://www.securitytracker.com/id?1027300 http://w • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •