Dhcpcd Security Vulnerabilities and Issues — Dhcpcd CVE List

Lucene search

Dhcpcd ProjectDhcpcd

12 matches found

CVE•added 2016/04/18 12:59 a.m.•53 views

CVE-2016-1503

dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malform...

10CVSS8.8AI score0.07135EPSS

CVE•added 2016/04/11 3:59 p.m.•52 views

CVE-2012-6699

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.

7.5CVSS7AI score0.00562EPSS

CVE•added 2016/04/11 3:59 p.m.•49 views

CVE-2012-6698

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.

7.5CVSS7AI score0.00562EPSS

CVE•added 2019/04/28 4:29 p.m.•47 views

CVE-2019-11579

dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.

5.3CVSS5.2AI score0.00473EPSS

CVE•added 2016/04/11 3:59 p.m.•46 views

CVE-2012-6700

The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.

7.5CVSS7.1AI score0.00514EPSS

CVE•added 2019/05/05 6:29 a.m.•45 views

CVE-2019-11766

dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.

9.8CVSS9.5AI score0.00777EPSS

CVE•added 2014/09/04 5:55 p.m.•43 views

CVE-2014-6060

The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.

3.3CVSS7.2AI score0.00159EPSS

CVE•added 2019/04/28 4:29 p.m.•40 views

CVE-2019-11578

auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.

5.9CVSS5.6AI score0.0048EPSS

CVE•added 2015/07/30 12:59 a.m.•37 views

CVE-2014-7912

The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory ...

6.8CVSS8.6AI score0.00524EPSS

CVE•added 2019/04/28 4:29 p.m.•36 views

CVE-2019-11577

dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.

9.8CVSS9.7AI score0.04286EPSS

CVE•added 2017/02/07 3:59 p.m.•34 views

CVE-2016-1504

dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.

7.5CVSS7.9AI score0.01871EPSS

CVE•added 2015/07/30 12:59 a.m.•31 views

CVE-2014-7913

The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corr...

6.8CVSS7.6AI score0.00571EPSS