fkie_cve-2022-2928
Vulnerability from fkie_nvd
Published
2022-10-07 05:15
Modified
2024-11-21 07:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | * | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", matchCriteriaId: "82DF9AAC-429A-43EB-83EF-0FEFBB95BF26", versionEndIncluding: "4.4.3", versionStartIncluding: "4.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", matchCriteriaId: "FBAABA4E-0D34-4644-AC26-E272CEE6C361", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", matchCriteriaId: "179443DC-4B6A-408A-8BE5-B3E72188F43E", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", matchCriteriaId: "C9BE7736-58CD-468B-84AB-B38C9B254BA6", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*", matchCriteriaId: "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*", matchCriteriaId: "CA5FAE54-1645-4A38-A431-10E67304399A", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*", matchCriteriaId: "2C0D1A71-CECB-4C86-87F6-EB3741BDF692", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*", matchCriteriaId: "ADF80D19-3B0A-4A74-944E-F33CCC30EADA", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", matchCriteriaId: "40B21FCB-43A8-4266-934D-ECFF8138F637", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", matchCriteriaId: "69D49F23-9074-49E7-985F-4D93393324CD", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", matchCriteriaId: "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*", matchCriteriaId: "9E01D88D-876D-45FE-B7ED-089DAD801EF6", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*", matchCriteriaId: "C4B030B1-F008-4562-93C7-7E1C6D3D00F4", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*", matchCriteriaId: "FF656F5E-B317-4E0C-BF01-EC2A917142DC", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", matchCriteriaId: "FBA64EEC-C0C7-4F11-8131-2868691E54DB", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*", matchCriteriaId: "FFD3109A-1D76-4EA7-BF39-0B203AD945CF", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", matchCriteriaId: "157520D7-AE39-4E23-A8CF-DD75EA78C055", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*", matchCriteriaId: "B07118EC-9508-42B8-8D09-5CE310DA2B43", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*", matchCriteriaId: "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*", matchCriteriaId: "A157E664-6ACE-44CE-AC07-64898B182EA1", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*", matchCriteriaId: "0056BF7A-4A70-4F1D-89C2-25CCDB65217B", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*", matchCriteriaId: "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*", matchCriteriaId: "1D21F05D-246F-41F5-81FD-286C26168E2E", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*", matchCriteriaId: "12103C87-C942-481A-A68C-7BC83F964C06", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*", matchCriteriaId: "A2E0124D-6330-4013-8145-4309FDAE60A8", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*", matchCriteriaId: "924E91FF-495F-4963-827F-57F7340C6560", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*", matchCriteriaId: "3BC02748-557A-4131-A372-D99B62B4B93B", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*", matchCriteriaId: "76A11284-3D81-45F0-8055-17282945C14F", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*", matchCriteriaId: "98431CF5-D4C2-4FCF-BA81-0BBB631546D2", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r16-p1:*:*:*:*:*:*", matchCriteriaId: "FEA9F857-B59F-4D2D-8F7B-0D1BF08E9712", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.", }, { lang: "es", value: "En ISC DHCP versiones 4.4.0 anteriores a 4.4.3, ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16-P1, cuando la función option_code_hash_lookup() es llamada desde add_option(), incrementa el campo refcount de la opción. Sin embargo, no se presenta una llamada correspondiente a option_dereference() para disminuir el campo refcount. La función add_option() sólo es usada en las respuestas del servidor a paquetes de consulta de arrendamiento. Cada respuesta de consulta de arrendamiento llama a esta función para varias opciones, por lo que eventualmente, los contadores de referencia podrían desbordarse y causar a el servidor abortar", }, ], id: "CVE-2022-2928", lastModified: "2024-11-21T07:01:56.183", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security-officer@isc.org", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2022-10-07T05:15:08.677", references: [ { source: "security-officer@isc.org", tags: [ "Vendor Advisory", ], url: "https://kb.isc.org/docs/cve-2022-2928", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/", }, { source: "security-officer@isc.org", url: "https://security.gentoo.org/glsa/202305-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.isc.org/docs/cve-2022-2928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-22", }, ], sourceIdentifier: "security-officer@isc.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.