CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 3.3 Low

Metric | Value |
---|---|
Access Vector | ADJACENT_NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

AV:A/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low (Percentile: 38.6%)

ISC DHCP server on IBM i is vulnerable to a denial of service attack due to a memory leak in the fqdn_universe_decode function and a reference count overflow in the add_option function as described in the vulnerability details section. IBM i has addressed the vulnerabilities in ISC DHCP server with a fix as described in the remediation/fixes section.
CVEID: CVE-2022-2929
**DESCRIPTION:** ISC DHCP is vulnerable to a denial of service, caused by a memory leak in the fqdn_universe_decode() function. By sending specially crafted DHCP packets for an extended period of time, a remote attacker from within the local network could exploit this vulnerability to cause the server to run out of memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237823 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-2928
**DESCRIPTION:** ISC DHCP is vulnerable to a denial of service, caused by an option refcount overflow in the add_option() function. A remote attacker from within the local network could exploit this vulnerability to overflow the reference counters and cause the server to abort.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237822 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
IBM i | 7.2 |
The issue can be fixed by applying a PTF to IBM i. IBM i 7.5, 7.4, 7.3, and 7.2 will be fixed.
The following IBM i PTF numbers contain the fix for the vulnerabilities.
IBM i Release | 5770-SS1 PTF Number | PTF Download Link |
---|---|---|
7.5 | SI81438 | SI81438 |
7.4 | SI81439 | SI81439 |
7.3 | SI81440 | SI81440 |
7.2 | SI81441 | SI81441 |
https://www.ibm.com/support/fixcentral
_Important note:_ IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed versions of affected products.
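To confirm whether the fix PTF for the running release is on a given partition, the PTF table above can be checked against the `QSYS2.PTF_INFO` service from an SQL session. This query is an added example, not part of the IBM bulletin; the `V7RxM0` release strings and the `assessment` wording are assumptions made for illustration.

```sql
-- Added example: PTF numbers are taken from the bulletin's table.
-- Assumption: the release levels are stored as V7R5M0 ... V7R2M0.
WITH fix_ptfs (release_level, ptf_id) AS (
    VALUES ('V7R5M0', 'SI81438'),
           ('V7R4M0', 'SI81439'),
           ('V7R3M0', 'SI81440'),
           ('V7R2M0', 'SI81441')
),
-- Release of the operating system, derived from the 5770-SS1 PTFs
-- already known to this partition.
this_system (release_level) AS (
    SELECT MAX(PTF_PRODUCT_RELEASE_LEVEL)
    FROM QSYS2.PTF_INFO
    WHERE PTF_PRODUCT_ID = '5770SS1'
)
SELECT f.release_level,
       f.ptf_id,
       COALESCE(p.PTF_LOADED_STATUS, 'NOT ON SYSTEM') AS loaded_status,
       p.PTF_IPL_ACTION,
       p.PTF_SUPERSEDED_BY_PTF,
       CASE
           WHEN p.PTF_LOADED_STATUS IN ('APPLIED', 'PERMANENTLY APPLIED')
               THEN 'fix in place'
           WHEN p.PTF_LOADED_STATUS = 'LOADED'
               THEN 'loaded but not applied'
           WHEN p.PTF_LOADED_STATUS = 'SUPERSEDED'
               THEN 'check status of the superseding PTF'
           -- A missing row is not proof of exposure: a later PTF that
           -- supersedes this one may have been applied directly.
           ELSE 'fix PTF not found, verify manually'
       END AS assessment
FROM fix_ptfs f
JOIN this_system s
  ON s.release_level = f.release_level
LEFT JOIN QSYS2.PTF_INFO p
  ON p.PTF_PRODUCT_ID = '5770SS1'
 AND p.PTF_IDENTIFIER = f.ptf_id;
```

An empty result means the partition is on a release that the bulletin does not list.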
None