Description
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- ISC / ISC DHCP1.0 through versions before 4.1-ESV-R16-P2 – 1.0 through versions before 4.1-ESV-R16-P2
- ISC / ISC DHCP4.2 through versions before 4.4.3.-P1 – 4.2 through versions before 4.4.3.-P1
References
- MISChttps://kb.isc.org/docs/cve-2022-2929
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2022/10/msg00015.html
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/
- MISChttps://security.gentoo.org/glsa/202305-22