CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
43.6%
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the
function option_code_hash_lookup() is called from add_option(), it
increases the option’s refcount field. However, there is not a
corresponding call to option_dereference() to decrement the refcount field.
The function add_option() is only used in server responses to lease query
packets. Each lease query response calls this function for several options,
so eventually, the reference counters could overflow and cause the server
to abort.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | isc-dhcp | < 4.3.5-3ubuntu7.4 | UNKNOWN |
ubuntu | 20.04 | noarch | isc-dhcp | < 4.4.1-2.1ubuntu5.20.04.4 | UNKNOWN |
ubuntu | 22.04 | noarch | isc-dhcp | < 4.4.1-2.3ubuntu2.3 | UNKNOWN |
ubuntu | 22.10 | noarch | isc-dhcp | < 4.4.3-2ubuntu4 | UNKNOWN |
ubuntu | 14.04 | noarch | isc-dhcp | < 4.2.4-7ubuntu12.13+esm2 | UNKNOWN |
ubuntu | 16.04 | noarch | isc-dhcp | < 4.3.3-5ubuntu12.10+esm2 | UNKNOWN |
kb.isc.org/docs/cve-2022-2928
launchpad.net/bugs/cve/CVE-2022-2928
lists.isc.org/pipermail/dhcp-announce/2022-October/000437.html
nvd.nist.gov/vuln/detail/CVE-2022-2928
security-tracker.debian.org/tracker/CVE-2022-2928
ubuntu.com/security/notices/USN-5658-1
ubuntu.com/security/notices/USN-5658-2
ubuntu.com/security/notices/USN-5658-3
www.cve.org/CVERecord?id=CVE-2022-2928