CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-6470 – dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries
https://notcve.org/view.php?id=CVE-2019-6470
13 May 2019 — There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC softwa... • https://access.redhat.com/errata/RHSA-2019:2060 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 12%CPEs: 1EXPL: 0CVE-2006-3122
https://notcve.org/view.php?id=CVE-2006-3122
09 Aug 2006 — The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid." La función supersede_lease en memory.c de ISC DHCP (dhcpd) server 2.0p15 permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) mediante un paquete DHCPDISCO... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 7%CPEs: 22EXPL: 0CVE-2004-1006
https://notcve.org/view.php?id=CVE-2004-1006
19 Nov 2004 — Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702. • http://archives.neohapsis.com/archives/bugtraq/2004-10/0287.html •