Ubuntu.com (ubuntucve): UB:CVE-2022-2928
Oct 05, 2022 - 12:00 a.m.

CVE-2022-2928

Tags: isc dhcp, function vulnerability, lease query packets, server abort

CVSS3: 6.5

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 43.6%

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the
function option_code_hash_lookup() is called from add_option(), it
increases the option’s refcount field. However, there is not a
corresponding call to option_dereference() to decrement the refcount field.
The function add_option() is only used in server responses to lease query
packets. Each lease query response calls this function for several options,
so eventually, the reference counters could overflow and cause the server
to abort.

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | isc-dhcp | < 4.3.5-3ubuntu7.4 | UNKNOWN |
| ubuntu | 20.04 | noarch | isc-dhcp | < 4.4.1-2.1ubuntu5.20.04.4 | UNKNOWN |
| ubuntu | 22.04 | noarch | isc-dhcp | < 4.4.1-2.3ubuntu2.3 | UNKNOWN |
| ubuntu | 22.10 | noarch | isc-dhcp | < 4.4.3-2ubuntu4 | UNKNOWN |
| ubuntu | 14.04 | noarch | isc-dhcp | < 4.2.4-7ubuntu12.13+esm2 | UNKNOWN |
| ubuntu | 16.04 | noarch | isc-dhcp | < 4.3.3-5ubuntu12.10+esm2 | UNKNOWN |
