Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-87943
HistoryOct 11, 2022 - 12:00 a.m.

ISC DHCP Denial of Service Vulnerability

2022-10-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
18
isc dhcp
denial of service
vulnerability
option_code_hash_lookup
add_option
reference counter overflow

EPSS

0.001

Percentile

43.6%

ISC DHCP is a set of open source Dynamic Host Configuration Protocol server software from ISC. ISC DHCP has a denial-of-service vulnerability that stems from the fact that when the function option_code_hash_lookup() is called from add_option(), it increases the option’s refcount field, but does not make a corresponding call to option_ dereference() is called accordingly to reduce the refcount field, the function add_option() is only used for the server’s response to lease query packets, and each lease query response calls this function for multiple options, which can be exploited by an attacker to trigger a reference counter overflow, resulting in a denial of service.