National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:isc:dhcp:4.2.2:b1
There are 11 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-5732

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

Published: October 09, 2019; 12:15:13 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-5733

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

Published: January 16, 2019; 03:29:00 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

Published: January 16, 2019; 03:29:00 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-2774

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

Published: March 09, 2016; 10:59:00 AM -05:00
V3.0: 5.9 MEDIUM
    V2: 7.1 HIGH
CVE-2015-8605

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

Published: January 14, 2016; 05:59:00 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 5.7 MEDIUM
CVE-2013-2494

libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.

Published: March 28, 2013; 12:55:01 PM -04:00
    V2: 4.9 MEDIUM
CVE-2012-3954

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

Published: July 25, 2012; 06:42:35 AM -04:00
    V2: 3.3 LOW
CVE-2012-3571

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.

Published: July 25, 2012; 06:42:35 AM -04:00
    V2: 6.1 MEDIUM
CVE-2012-3570

Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.

Published: July 25, 2012; 06:42:35 AM -04:00
    V2: 5.7 MEDIUM
CVE-2011-4868

The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.

Published: January 14, 2012; 10:55:12 PM -05:00
    V2: 6.1 MEDIUM
CVE-2011-4539

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.

Published: December 08, 2011; 06:55:02 AM -05:00
    V2: 5.0 MEDIUM