Dhcpd Security Vulnerabilities and Issues — Dhcpd CVE List

Lucene search

IscDhcpd

8 matches found

CVE•added 2019/11/01 11:15 p.m.•1251 views

CVE-2019-6470

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releas...

7.5CVSS6.7AI score0.002EPSS

CVE•added 2006/08/09 10:4 p.m.•83 views

CVE-2006-3122

The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit wi...

5CVSS6.3AI score0.1212EPSS

CVE•added 2004/08/06 4:0 a.m.•64 views

CVE-2004-0461

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of servic...

10CVSS7.8AI score0.09739EPSS

CVE•added 2004/08/06 4:0 a.m.•57 views

CVE-2004-0460

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) N...

10CVSS7.8AI score0.63054EPSS

CVE•added 2005/03/01 5:0 a.m.•55 views

CVE-2004-1006

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.

10CVSS7.2AI score0.37653EPSS

CVE•added 2002/07/26 4:0 a.m.•48 views

CVE-2002-0702

Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.

10CVSS7.5AI score0.37653EPSS

CVE•added 2004/09/01 4:0 a.m.•47 views

CVE-2003-0039

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.

5CVSS6.5AI score0.03937EPSS

CVE•added 2003/01/17 5:0 a.m.•40 views

CVE-2003-0026

Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.

7.5CVSS7.5AI score0.12417EPSS