Improper input validation in Isc Dhcp

CVE-2011-4539

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.323 (96.9th percentile) — read the EPSS interpretation.

Affected products

Isc Dhcp — versions 4.0, 4.0.0, 4.0.1
Canonical Ubuntu_linux — versions 11.04, 11.10
Debian Debian_linux — versions 6.0, 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

MDVSA-2011:182 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
47153 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
FEDORA-2011-16976 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
USN-1309-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
openSUSE-SU-2011:1318 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
isc-dhcp-dhcpd-regex-dos(71680) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
47178 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
FEDORA-2011-16981 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
DSA-2519 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)