Search CVE reports
21 – 30 of 48 results
CVE-2022-2929
Medium priorityIn ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
1 affected packages
isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| isc-dhcp | — | Fixed | Fixed | Fixed | Fixed |
CVE-2022-2928
Medium priorityIn ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to...
1 affected packages
isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| isc-dhcp | — | Fixed | Fixed | Fixed | Fixed |
CVE-2022-38178
Medium priorityBy spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Fixed | Fixed | Fixed | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-38177
Medium priorityBy spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Not affected | Fixed | Fixed | Fixed |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-3080
Medium priorityBy sending specific queries to the resolver, an attacker can cause named to crash.
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Fixed | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-2906
Medium priorityAn attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Fixed | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-2881
Medium priorityThe underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Fixed | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-2795
Medium prioritySome fixes available 10 of 17
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release | Not in release |
| isc-dhcp | Vulnerable | Not affected | Not affected | Not affected | Not affected |
CVE-2021-25217
Medium priorityIn ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported...
1 affected packages
isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| isc-dhcp | — | Fixed | Fixed | Fixed | Fixed |
CVE-2012-2248
Low priorityAn issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.
2 affected packages
dhcp3, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dhcp3 | — | — | — | — | — |
| isc-dhcp | — | — | — | — | — |