CVE-2022-2929

DHCP memory leak

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

En ISC DHCP versiones 1.0 anteriores a 4.4.3, ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16-P1, un sistema con acceso a un servidor DHCP, enviando paquetes DHCP diseñados para incluir etiquetas fqdn de más de 63 bytes, podría llegar a causar a el servidor quedarse sin memoria

A vulnerability was found in the DHCP server where the "fqdn_universe_decode()" function allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS "label" is 63 bytes. The function tests the length byte of each label contained in the "fqdn"; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This issue causes a memory leak. On a system with access to a DHCP server, an attacker from any adjacent network could send DHCP packets crafted to include "fqdn" labels longer than 63 bytes to the DHCP server, eventually causing the server to run out of memory and crash.

*Credits: ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue.

CVSS Scores

Internet Systems Consortium (ISC)v3.1 6.5

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-22 CVE Reserved
2022-10-06 CVE Published
2024-05-14 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-770: Allocation of Resources Without Limits or Throttling

CAPEC

References (8)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://kb.isc.org/docs/cve-2022-2929	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX	2023-11-07
https://security.gentoo.org/glsa/202305-22	2023-11-07
https://access.redhat.com/security/cve/CVE-2022-2929	2023-05-16
https://bugzilla.redhat.com/show_bug.cgi?id=2132001	2023-05-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				>= 1.0.0 < 4.1-esv Search vendor "Isc" for product "Dhcp" and version " >= 1.0.0 < 4.1-esv"		-		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				>= 4.2.0 <= 4.4.3 Search vendor "Isc" for product "Dhcp" and version " >= 4.2.0 <= 4.4.3"		-		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r10		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r10_b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r10_rc1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r10b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r10rc1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r11		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r11_b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r11_rc1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r11_rc2		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r11b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r11rc1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r11rc2		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r12		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r12-p1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r12_b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r12_p1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r12b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r13		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r13_b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r13b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r14		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r14_b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r14b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r15		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r15-p1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r15_b1		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r16		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1-esv Search vendor "Isc" for product "Dhcp" and version "4.1-esv"		r16-p1		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				36 Search vendor "Fedoraproject" for product "Fedora" and version "36"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				37 Search vendor "Fedoraproject" for product "Fedora" and version "37"		-		Affected