// For flags

CVE-2022-2929

DHCP memory leak

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

En ISC DHCP versiones 1.0 anteriores a 4.4.3, ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16-P1, un sistema con acceso a un servidor DHCP, enviando paquetes DHCP diseñados para incluir etiquetas fqdn de más de 63 bytes, podría llegar a causar a el servidor quedarse sin memoria

A vulnerability was found in the DHCP server where the "fqdn_universe_decode()" function allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS "label" is 63 bytes. The function tests the length byte of each label contained in the "fqdn"; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This issue causes a memory leak. On a system with access to a DHCP server, an attacker from any adjacent network could send DHCP packets crafted to include "fqdn" labels longer than 63 bytes to the DHCP server, eventually causing the server to run out of memory and crash.

*Credits: ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue.
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-08-22 CVE Reserved
  • 2022-10-06 CVE Published
  • 2024-05-14 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
>= 1.0.0 < 4.1-esv
Search vendor "Isc" for product "Dhcp" and version " >= 1.0.0 < 4.1-esv"
-
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
>= 4.2.0 <= 4.4.3
Search vendor "Isc" for product "Dhcp" and version " >= 4.2.0 <= 4.4.3"
-
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r10
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r10_b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r10_rc1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r10b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r10rc1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r11
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r11_b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r11_rc1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r11_rc2
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r11b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r11rc1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r11rc2
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r12
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r12-p1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r12_b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r12_p1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r12b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r13
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r13_b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r13b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r14
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r14_b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r14b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r15
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r15-p1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r15_b1
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r16
Affected
Isc
Search vendor "Isc"
Dhcp
Search vendor "Isc" for product "Dhcp"
4.1-esv
Search vendor "Isc" for product "Dhcp" and version "4.1-esv"
r16-p1
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
35
Search vendor "Fedoraproject" for product "Fedora" and version "35"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
36
Search vendor "Fedoraproject" for product "Fedora" and version "36"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
37
Search vendor "Fedoraproject" for product "Fedora" and version "37"
-
Affected