Lucene search

K
cvelistIscCVELIST:CVE-2022-2929
HistoryOct 07, 2022 - 12:00 a.m.

CVE-2022-2929 DHCP memory leak

2022-10-0700:00:00
isc
www.cve.org

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.2%

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

CNA Affected

[
  {
    "vendor": "ISC",
    "product": "ISC DHCP",
    "versions": [
      {
        "version": "1.0 through versions before 4.1-ESV-R16-P2",
        "status": "affected"
      },
      {
        "version": "4.2 through versions before 4.4.3.-P1",
        "status": "affected"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.2%