Improper input validation in Isc Dhcp

CVE-2011-2748

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.878 (99.5th percentile) — read the EPSS interpretation.

Affected products

Isc Dhcp — versions 3.0, 3.0.1, 3.0.2
Canonical Ubuntu_linux — versions 8.04, 10.04, 10.10
Debian Debian_linux — versions 5.0, 6.0, 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

USN-1190-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
FEDORA-2011-10705 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
45595 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
openSUSE-SU-2011:1021 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
DSA-2292 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
RHSA-2011:1160 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
1025918 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
45817 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
49120 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)