fkie_cve-2022-2929
Vulnerability from fkie_nvd
Published
2022-10-07 05:15
Modified
2024-11-21 07:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | * | |
| isc | dhcp | * | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29B372FC-4ADF-480F-82EA-677BA9CE80F9",
"versionEndExcluding": "4.1-esv",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3828370A-E2C3-40C6-A4D4-A0E4FE932AD0",
"versionEndIncluding": "4.4.3",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
"matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*",
"matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*",
"matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*",
"matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
"matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
"matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
"matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*",
"matchCriteriaId": "9E01D88D-876D-45FE-B7ED-089DAD801EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*",
"matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*",
"matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
"matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*",
"matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*",
"matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*",
"matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*",
"matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*",
"matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*",
"matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*",
"matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*",
"matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*",
"matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*",
"matchCriteriaId": "3BC02748-557A-4131-A372-D99B62B4B93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*",
"matchCriteriaId": "76A11284-3D81-45F0-8055-17282945C14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*",
"matchCriteriaId": "98431CF5-D4C2-4FCF-BA81-0BBB631546D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16-p1:*:*:*:*:*:*",
"matchCriteriaId": "FEA9F857-B59F-4D2D-8F7B-0D1BF08E9712",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory."
},
{
"lang": "es",
"value": "En ISC DHCP versiones 1.0 anteriores a 4.4.3, ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16-P1, un sistema con acceso a un servidor DHCP, enviando paquetes DHCP dise\u00f1ados para incluir etiquetas fqdn de m\u00e1s de 63 bytes, podr\u00eda llegar a causar a el servidor quedarse sin memoria"
}
],
"id": "CVE-2022-2929",
"lastModified": "2024-11-21T07:01:56.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-officer@isc.org",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-10-07T05:15:11.320",
"references": [
{
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-2929"
},
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
},
{
"source": "security-officer@isc.org",
"url": "https://security.gentoo.org/glsa/202305-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-2929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-22"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.