CVE-2011-4868 : The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynam

The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.

Published 2012-01-15 03:55:13

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2011-4868

ISC » Dhcp » Update P1
Versions up to, including, (<=) 4.2.3
cpe:2.3:a:isc:dhcp:*:p1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0
cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1.0
cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.4
cpe:2.3:a:isc:dhcp:3.0.4:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update RC8
cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update RC9
cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update RC5
cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update RC2
cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update Rc14
cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update Rc11
cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update RC6
cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update RC7
cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update Rc10
cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update RC1
cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update Rc12
cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update Rc13
cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.0.0
cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.0
cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.0 Update RC1
cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.0 Update A2
cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.0 Update A1
cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.0 Update B2
cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.0 Update B1
cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.2 Update B1
cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.2 Update RC1
cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.2 Update RC2
cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.2 Update RC3
cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.3 Update B1
cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.3 Update B2
cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.3 Update B3
cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.4 Update B1
cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.4 Update B2
cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.4 Update B3
cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.4 Update RC1
cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.5 Update RC1
cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.6 Update RC1
cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.1.0 Update A1
cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.1.0 Update A2
cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.1.0 Update A3
cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.1.0 Update B1
cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.1.0 Update B2
cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.1 Update B1
cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.1 Update RC1
cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1.0 Update B1
cpe:2.3:a:isc:dhcp:4.1.0:b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.0.0 Update A2
cpe:2.3:a:isc:dhcp:4.0.0:a2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.0.0 Update A1
cpe:2.3:a:isc:dhcp:4.0.0:a1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.3
cpe:2.3:a:isc:dhcp:3.0.3:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1
cpe:2.3:a:isc:dhcp:3.0.1:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Rc12
cpe:2.3:a:isc:dhcp:3.0:rc12:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Rc11
cpe:2.3:a:isc:dhcp:3.0:rc11:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC4
cpe:2.3:a:isc:dhcp:3.0:rc4:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC3
cpe:2.3:a:isc:dhcp:3.0:rc3:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel22 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel22:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel21 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel21:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel13 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel13:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel12 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel12:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel4 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel4:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel3 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel3:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.3
cpe:2.3:a:isc:dhcp:4.2.3:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1.0 Update A2
cpe:2.3:a:isc:dhcp:4.1.0:a2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1.0 Update A1
cpe:2.3:a:isc:dhcp:4.1.0:a1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.1.0
cpe:2.3:a:isc:dhcp:3.1.0:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.5
cpe:2.3:a:isc:dhcp:3.0.5:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Rc10
cpe:2.3:a:isc:dhcp:3.0:rc10:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC9
cpe:2.3:a:isc:dhcp:3.0:rc9:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC8 Patchlevel1 Edition
cpe:2.3:a:isc:dhcp:3.0:rc8:patchlevel1:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC2 Patchlevel1 Edition
cpe:2.3:a:isc:dhcp:3.0:rc2:patchlevel1:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC2
cpe:2.3:a:isc:dhcp:3.0:rc2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel20 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel20:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel19 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel19:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel11 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel11:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel10 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel10:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel9 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel9:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel2 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel2:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel1 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel1:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.2
cpe:2.3:a:isc:dhcp:4.2.2:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.2 Update RC1
cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.0.0 Update B3
cpe:2.3:a:isc:dhcp:4.0.0:b3:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.2
cpe:2.3:a:isc:dhcp:3.0.2:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update RC4
cpe:2.3:a:isc:dhcp:3.0.1:rc4:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.1 Update RC3
cpe:2.3:a:isc:dhcp:3.0.1:rc3:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC8
cpe:2.3:a:isc:dhcp:3.0:rc8:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC7
cpe:2.3:a:isc:dhcp:3.0:rc7:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC1 Patchlevel1 Edition
cpe:2.3:a:isc:dhcp:3.0:rc1:patchlevel1:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC1
cpe:2.3:a:isc:dhcp:3.0:rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel18 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel18:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel16 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel16:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel8 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel8:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel7 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel7:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.2 Update B1
cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.2.1
cpe:2.3:a:isc:dhcp:4.2.1:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.0.0 Update B2
cpe:2.3:a:isc:dhcp:4.0.0:b2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.0.0 Update B1
cpe:2.3:a:isc:dhcp:4.0.0:b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.0.0 Update A3
cpe:2.3:a:isc:dhcp:4.0.0:a3:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC6
cpe:2.3:a:isc:dhcp:3.0:rc6:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update RC5
cpe:2.3:a:isc:dhcp:3.0:rc5:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel24 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel24:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel23 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel23:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel15 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel15:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel14 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel14:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel6 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel6:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0 Update Beta2 Patchlevel5 Edition
cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel5:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-4868

EPSS FAQ

0.93%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-4868

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.1	MEDIUM	AV:A/AC:L/Au:N/C:N/I:N/A:C	6.5	6.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2011-4868

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-4868

https://kb.isc.org/article/AA-00705

CVE-2011-4868: An Error in DDNS Processing of DHCPv6 Leases Can Cause a Crash in ISC dhcpd - Security Advisories
https://deepthought.isc.org/article/AA-00595
https://www.isc.org/software/dhcp/advisories/cve-2011-4868

Internet Systems Consortium
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201301-06.xml

ISC DHCP: Denial of Service (GLSA 201301-06) — Gentoo security

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2011-4868

Products affected by CVE-2011-4868

Exploit prediction scoring system (EPSS) score for CVE-2011-4868

CVSS scores for CVE-2011-4868

CWE ids for CVE-2011-4868

References for CVE-2011-4868