CVE-2004-0460

2004-08-0604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0460

buffer overflow

isc dhcp

denial of service

remote code execution

7.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.935 High

EPSS

Percentile

99.1%

JSON

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.

CPENameOperatorVersion
infoblox:dns_one_applianceinfoblox dns one applianceeq2.3.1_r5
infoblox:dns_one_applianceinfoblox dns one applianceeq2.4.0.8
infoblox:dns_one_applianceinfoblox dns one applianceeq2.4.0.8a
isc:dhcpdisc dhcpdeq3.0.1
suse:suse_email_serversuse suse email servereqiii
suse:suse_linux_admin-cd_for_firewallsuse suse linux admin-cd for firewalleq*
suse:suse_linux_connectivity_serversuse suse linux connectivity servereq*
suse:suse_linux_database_serversuse suse linux database servereq*
suse:suse_linux_firewall_cdsuse suse linux firewall cdeq*
suse:suse_linux_office_serversuse suse linux office servereq*

CPE	Name	Operator	Version
infoblox:dns_one_appliance	infoblox dns one appliance	eq	2.3.1_r5
infoblox:dns_one_appliance	infoblox dns one appliance	eq	2.4.0.8
infoblox:dns_one_appliance	infoblox dns one appliance	eq	2.4.0.8a
isc:dhcpd	isc dhcpd	eq	3.0.1
suse:suse_email_server	suse suse email server	eq	iii
suse:suse_linux_admin-cd_for_firewall	suse suse linux admin-cd for firewall	eq	*
suse:suse_linux_connectivity_server	suse suse linux connectivity server	eq	*
suse:suse_linux_database_server	suse suse linux database server	eq	*
suse:suse_linux_firewall_cd	suse suse linux firewall cd	eq	*
suse:suse_linux_office_server	suse suse linux office server	eq	*