Buffer overflow in Isc Dhcp

CVE-2012-3571

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.

Vulnerability class: Buffer Overflow

EPSS: 0.206 (95.7th percentile) — read the EPSS interpretation.

Affected products

Isc Dhcp — versions 4.1.2, 4.2.0, 4.2.1
Canonical Ubuntu_linux — versions 11.04, 11.10, 12.04
Debian Debian_linux — versions 6.0, 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
DSA-2516 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
RHSA-2012:1141 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
MDVSA-2012:116 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
openSUSE-SU-2012:1006 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
MDVSA-2012:115 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
DSA-2519 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
USN-1519-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)