CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-11766
https://notcve.org/view.php?id=CVE-2019-11766
05 May 2019 — dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. dhcp6.c en dhcpcd versiones anteriores a 6.11.7 y 7.x en versiones anteriores a 7.2.2 tiene una sobre-lectura de búfer en la característica D6_OPTION_PD_EXCLUDE. • http://www.securityfocus.com/bid/108172 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11579
https://notcve.org/view.php?id=CVE-2019-11579
28 Apr 2019 — dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED. dhcp.c en dhcpcd anterior a 7.2.1 contiene un desbordamiento de lectura de 1 byte con DHO_OPTSOVERLOADED. • http://www.securityfocus.com/bid/108090 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11578
https://notcve.org/view.php?id=CVE-2019-11578
28 Apr 2019 — auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks. auth.c en dhcpcd anterior a la 7.2.1 permite a los atacantes inferir secretos realizando ataques de latencia. • http://www.securityfocus.com/bid/108090 • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2019-11577
https://notcve.org/view.php?id=CVE-2019-11577
28 Apr 2019 — dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses. dhcpcd versión anterior a 7.2.1 contiene un desbordamiento de búfer en dhcp6_findna en dhcp6.c al leer direcciones NA/TA. • http://www.securityfocus.com/bid/108090 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1504 – Gentoo Linux Security Advisory 201606-07
https://notcve.org/view.php?id=CVE-2016-1504
18 Jun 2016 — dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. dhcpcd en versiones anteriores a 6.10.0 permite a atacantes remotos provocar una denegación de servicio (lectura no válida y caída) a través de vectores relacionados con la longitud de la opción. Multiple vulnerabilities have been found in dhcpcd allowing remote attackers to possibly execute arbitrary code or cause a Denial of Service. Versions less than 6.10.0 are aff... • http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 23EXPL: 0CVE-2016-1503 – Gentoo Linux Security Advisory 201606-07
https://notcve.org/view.php?id=CVE-2016-1503
18 Apr 2016 — dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. dhcpcd en versiones anteriores a 6.10.0, como se utiliza en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anter... • http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7913
https://notcve.org/view.php?id=CVE-2014-7913
30 Jul 2015 — The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message. Vulnerabilidad en la función print_option en dhcp-common.c hasta la versión 6.9.1 de dhcpcd, usado en dhcp.c en dhcpcd 5.x, en Android en versiones anteriores a la 5.1 y otros produc... • http://www.securitytracker.com/id/1033124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7912 – (Mobile Pwn2Own) Google Android DHCP Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7912
12 Mar 2015 — The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message. Vulnerabilidad en la función get_option en dhcp.c en las versiones de dhcpcd anteriores a la 6.2.0, usado en dhcpcd 5.x, en Android en versio... • http://www.securitytracker.com/id/1033124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 96EXPL: 0CVE-2014-6060 – Gentoo Linux Security Advisory 201409-03
https://notcve.org/view.php?id=CVE-2014-6060
03 Sep 2014 — The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. La función get_option en dhcpcd 4.0.0 hasta 6.x anterior a 6.4.3 permite a servidores DHCP remotos causar una denegación de servicio mediante la restablecimiento de la opción DHO_OPTIONSOVERLOADED en la sección (1) bootfile o (2) servername, lo que ... • http://advisories.mageia.org/MGASA-2014-0334.html • CWE-399: Resource Management Errors •