CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2012-2152 – Debian Security Advisory 2498-1
https://notcve.org/view.php?id=CVE-2012-2152
25 Jun 2012 — Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet. Desbordamiento de búfer basado en pila en el método de get_packet socket.c en dhcpcd v3.2.3 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un paquete de gran longitud. It was discovered that dhcpcd, a DHCP client, was vulnerable to a stac... • http://www.debian.org/security/2012/dsa-2498 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0996 – Gentoo Linux Security Advisory 201301-04
https://notcve.org/view.php?id=CVE-2011-0996
13 Apr 2011 — dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. dhcpcd antes de v5.2.12 permite a atacantes remotos ejecutar comandos de su elección vía metacaracteres encubiertos en un nombre de host obtenido a partir de un mensaje DHCP. A vulnerability has been found in dhcpcd, allowing remote attackers to execute arbitrary code on the DHCP client. Versions less than 5.2.12 are affected. • http://roy.marples.name/archives/dhcpcd-discuss/2011/0326.html • CWE-20: Improper Input Validation •