Vulnerability Details : CVE-2015-8605
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2015-8605
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.4:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.0.2:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.4:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.4:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.4:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.4:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.5:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.5:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.5:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.6:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.6:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.7:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.8:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.8:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.8:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.1:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.3.3:b1:*:*:*:*:*:*
- cpe:2.3:a:sophos:unified_threat_management_up2date:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8605
EPSS score: 5.11% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-8605
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.7 | MEDIUM | AV:A/AC:M/Au:N/C:N/I:N/A:C | 5.5 | 6.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2015-8605
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8605
- http://www.ubuntu.com/usn/USN-2868-1
  USN-2868-1: DHCP vulnerability | Ubuntu security notices (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html
  openSUSE-SU-2016:0610-1: moderate: Security update for dhcp (Mailing List; Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html
  [SECURITY] Fedora 23 Update: dhcp-4.3.3-8.P1.fc23 (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html
  openSUSE-SU-2016:0601-1: moderate: Security update for dhcp (Mailing List; Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
  Oracle Solaris Bulletin - January 2016 (Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3442
  Debian -- Security Information -- DSA-3442-1 isc-dhcp (Third Party Advisory)
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
  UTM Up2Date 9.354 released – Sophos News (Third Party Advisory)
- http://www.securityfocus.com/bid/80703
  ISC DHCP CVE-2015-8605 Remote Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1034657
  DHCP UDP Length Processing Flaw Lets Remote Users Cause the Target Service to Crash - SecurityTracker (Third Party Advisory; VDB Entry)
- https://kb.isc.org/article/AA-01334
  CVE-2015-8605: UDP payload length not properly checked - Security Advisories (Vendor Advisory)
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
  UTM Up2Date 9.319 released – Sophos News (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html
  [SECURITY] Fedora 22 Update: dhcp-4.3.2-7.fc22 (Mailing List; Third Party Advisory)