ISC » Dhcp » 3.0 beta2 patchlevel6 : Security Vulnerabilities, CVEs,
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
Max CVSS
6.5
EPSS Score
0.08%
Published
2022-10-07
Updated
2023-05-03
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
Max CVSS
6.1
EPSS Score
0.63%
Published
2012-01-15
Updated
2016-12-03
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
Max CVSS
7.8
EPSS Score
95.20%
Published
2011-08-15
Updated
2020-04-01
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
Max CVSS
7.8
EPSS Score
96.32%
Published
2011-08-15
Updated
2020-01-08
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Max CVSS
7.5
EPSS Score
97.07%
Published
2011-04-08
Updated
2020-04-01
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
Max CVSS
10.0
EPSS Score
7.61%
Published
2009-07-14
Updated
2017-09-29
6 vulnerabilities found