CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-6470 – dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries
https://notcve.org/view.php?id=CVE-2019-6470
13 May 2019 — There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC softwa... • https://access.redhat.com/errata/RHSA-2019:2060 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 12%CPEs: 1EXPL: 0CVE-2006-3122
https://notcve.org/view.php?id=CVE-2006-3122
09 Aug 2006 — The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid." La función supersede_lease en memory.c de ISC DHCP (dhcpd) server 2.0p15 permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) mediante un paquete DHCPDISCO... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 7%CPEs: 22EXPL: 0CVE-2004-1006
https://notcve.org/view.php?id=CVE-2004-1006
19 Nov 2004 — Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702. • http://archives.neohapsis.com/archives/bugtraq/2004-10/0287.html •
CVSS: 10.0EPSS: 63%CPEs: 28EXPL: 0CVE-2004-0460
https://notcve.org/view.php?id=CVE-2004-0460
24 Jun 2004 — Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. Desbordamiento de búfer en la capacidad de registro de sucesos (logging) del demonio DHCP (DHCPD) de ISC DHCP 3.0.1rc12 y 3.01rc13 permite ... • http://marc.info/?l=bugtraq&m=108795911203342&w=2 •
CVSS: 10.0EPSS: 9%CPEs: 28EXPL: 0CVE-2004-0461
https://notcve.org/view.php?id=CVE-2004-0461
24 Jun 2004 — The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. El demonio DHCP (DHCPD) de ISC DHCP 3.0.1rc12 y 3.0.1rc13, cuando se compila en entornos que no proveen la función vsnprintf, usa ficheros de inclusión de C qu... • http://marc.info/?l=bugtraq&m=108795911203342&w=2 •
CVSS: 7.5EPSS: 3%CPEs: 10EXPL: 0CVE-2003-0039
https://notcve.org/view.php?id=CVE-2003-0039
07 Feb 2003 — ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count. ISC dhcprelay (dhcp-relay) y anteriores, y posiblemente otras versiones, permite a atacantes remotos causar una denegación de servicio (tormenta de paquetes) mediante cierto paquete BOOTP que es enviado a una dirección MAC de difusi... • http://cc.turbolinux.com/security/TLSA-2003-26.txt •
CVSS: 9.8EPSS: 12%CPEs: 9EXPL: 0CVE-2003-0026
https://notcve.org/view.php?id=CVE-2003-0026
16 Jan 2003 — Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. Múltiples desbordamientos de búfer en la pila en las rutinas de manejo de errores de la libreria minires, como es usada en la capacidad NSUPDATE de ISC DHCPD 3.0 A 3.0.1RC10, permite a atacantes remotos ejecutar código arbitrario mediante un mensaje D... • http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html •
CVSS: 10.0EPSS: 37%CPEs: 9EXPL: 1CVE-2002-0702 – ISC DHCPD 2.0/3.0.1 - NSUPDATE Remote Format String
https://notcve.org/view.php?id=CVE-2002-0702
23 Jul 2002 — Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response. • https://www.exploit-db.com/exploits/21440 •