CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-11766
https://notcve.org/view.php?id=CVE-2019-11766
05 May 2019 — dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. dhcp6.c en dhcpcd versiones anteriores a 6.11.7 y 7.x en versiones anteriores a 7.2.2 tiene una sobre-lectura de búfer en la característica D6_OPTION_PD_EXCLUDE. • http://www.securityfocus.com/bid/108172 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11579
https://notcve.org/view.php?id=CVE-2019-11579
28 Apr 2019 — dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED. dhcp.c en dhcpcd anterior a 7.2.1 contiene un desbordamiento de lectura de 1 byte con DHO_OPTSOVERLOADED. • http://www.securityfocus.com/bid/108090 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11578
https://notcve.org/view.php?id=CVE-2019-11578
28 Apr 2019 — auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks. auth.c en dhcpcd anterior a la 7.2.1 permite a los atacantes inferir secretos realizando ataques de latencia. • http://www.securityfocus.com/bid/108090 • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2019-11577
https://notcve.org/view.php?id=CVE-2019-11577
28 Apr 2019 — dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses. dhcpcd versión anterior a 7.2.1 contiene un desbordamiento de búfer en dhcp6_findna en dhcp6.c al leer direcciones NA/TA. • http://www.securityfocus.com/bid/108090 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1504 – Gentoo Linux Security Advisory 201606-07
https://notcve.org/view.php?id=CVE-2016-1504
18 Jun 2016 — dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. dhcpcd en versiones anteriores a 6.10.0 permite a atacantes remotos provocar una denegación de servicio (lectura no válida y caída) a través de vectores relacionados con la longitud de la opción. Multiple vulnerabilities have been found in dhcpcd allowing remote attackers to possibly execute arbitrary code or cause a Denial of Service. Versions less than 6.10.0 are aff... • http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 23EXPL: 0CVE-2016-1503 – Gentoo Linux Security Advisory 201606-07
https://notcve.org/view.php?id=CVE-2016-1503
18 Apr 2016 — dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. dhcpcd en versiones anteriores a 6.10.0, como se utiliza en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anter... • http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7913
https://notcve.org/view.php?id=CVE-2014-7913
30 Jul 2015 — The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message. Vulnerabilidad en la función print_option en dhcp-common.c hasta la versión 6.9.1 de dhcpcd, usado en dhcp.c en dhcpcd 5.x, en Android en versiones anteriores a la 5.1 y otros produc... • http://www.securitytracker.com/id/1033124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7912 – (Mobile Pwn2Own) Google Android DHCP Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7912
12 Mar 2015 — The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message. Vulnerabilidad en la función get_option en dhcp.c en las versiones de dhcpcd anteriores a la 6.2.0, usado en dhcpcd 5.x, en Android en versio... • http://www.securitytracker.com/id/1033124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0996
https://notcve.org/view.php?id=CVE-2011-0996
13 Apr 2011 — dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. dhcpcd antes de v5.2.12 permite a atacantes remotos ejecutar comandos de su elección vía metacaracteres encubiertos en un nombre de host obtenido a partir de un mensaje DHCP. • http://roy.marples.name/archives/dhcpcd-discuss/2011/0326.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1403
https://notcve.org/view.php?id=CVE-2002-1403
17 Jan 2003 — dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script. El servicio (demonio) de cliente DHCP dhcpdc 1.3.22 y anteriores permite a usuarios locales ejecutar código arbitrario mediante metacaractéres de shell alimentados desde un script de dhcpd .info en un script .exe. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000549 •