Search criteria
36 vulnerabilities found for dhcpcd by dhcpcd_project
FKIE_CVE-2019-11766
Vulnerability from fkie_nvd - Published: 2019-05-05 06:29 - Updated: 2024-11-21 04:21
Severity ?
Summary
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dhcpcd_project | dhcpcd | * | |
| dhcpcd_project | dhcpcd | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41C606A8-B11F-4FD8-B4A7-C0D277BBDE47",
"versionEndExcluding": "6.11.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C19281-7FE1-4BC1-BA43-EA42AF6D9E4C",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature."
},
{
"lang": "es",
"value": "dhcp6.c en dhcpcd versiones anteriores a 6.11.7 y 7.x en versiones anteriores a 7.2.2 tiene una sobre-lectura de b\u00fafer en la caracter\u00edstica D6_OPTION_PD_EXCLUDE."
}
],
"id": "CVE-2019-11766",
"lastModified": "2024-11-21T04:21:45.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-05T06:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/108172"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/928440"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002428.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=896ef4a54b0578985e5e1360b141593f1d62837b"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/108172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/928440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=896ef4a54b0578985e5e1360b141593f1d62837b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11579
Vulnerability from fkie_nvd - Published: 2019-04-28 16:29 - Updated: 2024-11-21 04:21
Severity ?
Summary
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/108090 | Broken Link | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://roy.marples.name/archives/dhcpcd-discuss/0002415.html | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108090 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://roy.marples.name/archives/dhcpcd-discuss/0002415.html | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dhcpcd_project | dhcpcd | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17443D4C-9FBD-482A-9034-D2A41C7C6792",
"versionEndExcluding": "7.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED."
},
{
"lang": "es",
"value": "dhcp.c en dhcpcd anterior a 7.2.1 contiene un desbordamiento de lectura de 1 byte con DHO_OPTSOVERLOADED."
}
],
"id": "CVE-2019-11579",
"lastModified": "2024-11-21T04:21:22.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-28T16:29:00.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/108090"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/108090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11577
Vulnerability from fkie_nvd - Published: 2019-04-28 16:29 - Updated: 2024-11-21 04:21
Severity ?
Summary
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/108090 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://roy.marples.name/archives/dhcpcd-discuss/0002415.html | Third Party Advisory | |
| cve@mitre.org | https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108090 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://roy.marples.name/archives/dhcpcd-discuss/0002415.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dhcpcd_project | dhcpcd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17443D4C-9FBD-482A-9034-D2A41C7C6792",
"versionEndExcluding": "7.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses."
},
{
"lang": "es",
"value": "dhcpcd versi\u00f3n anterior a 7.2.1 contiene un desbordamiento de b\u00fafer en dhcp6_findna en dhcp6.c al leer direcciones NA/TA."
}
],
"id": "CVE-2019-11577",
"lastModified": "2024-11-21T04:21:22.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-28T16:29:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108090"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11578
Vulnerability from fkie_nvd - Published: 2019-04-28 16:29 - Updated: 2024-11-21 04:21
Severity ?
Summary
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dhcpcd_project | dhcpcd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17443D4C-9FBD-482A-9034-D2A41C7C6792",
"versionEndExcluding": "7.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks."
},
{
"lang": "es",
"value": "auth.c en dhcpcd anterior a la 7.2.1 permite a los atacantes inferir secretos realizando ataques de latencia."
}
],
"id": "CVE-2019-11578",
"lastModified": "2024-11-21T04:21:22.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-28T16:29:00.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108090"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-1504
Vulnerability from fkie_nvd - Published: 2017-02-07 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dhcpcd_project | dhcpcd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1D9FAA-608E-471D-9BF6-92E6D5C6D4B5",
"versionEndIncluding": "6.9.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length."
},
{
"lang": "es",
"value": "dhcpcd en versiones anteriores a 6.10.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura no v\u00e1lida y ca\u00edda) a trav\u00e9s de vectores relacionados con la longitud de la opci\u00f3n."
}
],
"id": "CVE-2016-1504",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-07T15:59:00.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk\u0026nd\u0026c=2016-01-07+16%3A47%3A19\u0026n=200"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034601"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk\u0026nd\u0026c=2016-01-07+16%3A47%3A19\u0026n=200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201606-07"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-1503
Vulnerability from fkie_nvd - Published: 2016-04-18 00:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dhcpcd_project | dhcpcd | * | |
| android | 4.0 | ||
| android | 4.0.1 | ||
| android | 4.0.2 | ||
| android | 4.0.3 | ||
| android | 4.0.4 | ||
| android | 4.1 | ||
| android | 4.1.2 | ||
| android | 4.2 | ||
| android | 4.2.1 | ||
| android | 4.2.2 | ||
| android | 4.3 | ||
| android | 4.3.1 | ||
| android | 4.4 | ||
| android | 4.4.1 | ||
| android | 4.4.2 | ||
| android | 4.4.3 | ||
| android | 5.0 | ||
| android | 5.0.1 | ||
| android | 5.1 | ||
| android | 5.1.0 | ||
| android | 6.0 | ||
| android | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1D9FAA-608E-471D-9BF6-92E6D5C6D4B5",
"versionEndIncluding": "6.9.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634."
},
{
"lang": "es",
"value": "dhcpcd en versiones anteriores a 6.10.0, como se utiliza en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-04-01 y otros productos, no gestiona correctamente las longitudes de opci\u00f3n, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en memoria din\u00e1mica) a trav\u00e9s de una respuesta DHCP mal formada, tambi\u00e9n conocida como error interno 26461634."
}
],
"id": "CVE-2016-1503",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-18T00:59:15.227",
"references": [
{
"source": "cve@mitre.org",
"url": "http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034601"
},
{
"source": "cve@mitre.org",
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388711"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201606-07"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6700
Vulnerability from fkie_nvd - Published: 2016-04-11 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 7.0 | |
| dhcpcd_project | dhcpcd | 3.1.9 | |
| dhcpcd_project | dhcpcd | 3.2.0 | |
| dhcpcd_project | dhcpcd | 3.2.1 | |
| dhcpcd_project | dhcpcd | 3.2.2 | |
| dhcpcd_project | dhcpcd | 3.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1E88F6-88C5-4862-AD76-47A3CF237746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4898D80-7EEA-4341-B3EC-5FD836D6B148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6665856-C977-41CB-B6AB-0552AD6DC3F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "096947C8-E981-4082-A2EB-C97EB8FB479F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "073B2358-53E3-4158-9EE7-7F532BDD8D57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response."
},
{
"lang": "es",
"value": "La funci\u00f3n decode_search en dhcp.c en dhcpcd 3.x no libera correctamente memoria asignada, lo que permite a servidores DHCP remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una respuesta manipulada."
}
],
"id": "CVE-2012-6700",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-11T15:59:02.220",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"source": "cve@mitre.org",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6699
Vulnerability from fkie_nvd - Published: 2016-04-11 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 7.0 | |
| dhcpcd_project | dhcpcd | 3.1.9 | |
| dhcpcd_project | dhcpcd | 3.2.0 | |
| dhcpcd_project | dhcpcd | 3.2.1 | |
| dhcpcd_project | dhcpcd | 3.2.2 | |
| dhcpcd_project | dhcpcd | 3.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1E88F6-88C5-4862-AD76-47A3CF237746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4898D80-7EEA-4341-B3EC-5FD836D6B148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6665856-C977-41CB-B6AB-0552AD6DC3F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "096947C8-E981-4082-A2EB-C97EB8FB479F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "073B2358-53E3-4158-9EE7-7F532BDD8D57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response."
},
{
"lang": "es",
"value": "La funci\u00f3n decode_search en dhcp.c en dhcpcd 3.x permite a servidores DHCP remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de una respuesta manipulada."
}
],
"id": "CVE-2012-6699",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-11T15:59:01.237",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"source": "cve@mitre.org",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6698
Vulnerability from fkie_nvd - Published: 2016-04-11 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 7.0 | |
| dhcpcd_project | dhcpcd | 3.1.9 | |
| dhcpcd_project | dhcpcd | 3.2.0 | |
| dhcpcd_project | dhcpcd | 3.2.1 | |
| dhcpcd_project | dhcpcd | 3.2.2 | |
| dhcpcd_project | dhcpcd | 3.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1E88F6-88C5-4862-AD76-47A3CF237746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4898D80-7EEA-4341-B3EC-5FD836D6B148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6665856-C977-41CB-B6AB-0552AD6DC3F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "096947C8-E981-4082-A2EB-C97EB8FB479F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "073B2358-53E3-4158-9EE7-7F532BDD8D57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response."
},
{
"lang": "es",
"value": "La funci\u00f3n decode_search en dhcp.c en dhcpcd 3.x permite a servidores DHCP remotos provocar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) a trav\u00e9s de una respuesta manipulada."
}
],
"id": "CVE-2012-6698",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-11T15:59:00.127",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"source": "cve@mitre.org",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-7913
Vulnerability from fkie_nvd - Published: 2015-07-30 00:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dhcpcd_project | dhcpcd | * | |
| android | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68C5AA5F-9192-4EEA-B999-E64574694AA0",
"versionEndIncluding": "6.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message."
},
{
"lang": "es",
"value": "Vulnerabilidad en la funci\u00f3n print_option en dhcp-common.c hasta la versi\u00f3n 6.9.1 de dhcpcd, usado en dhcp.c en dhcpcd 5.x, en Android en versiones anteriores a la 5.1 y otros productos, malinterpreta el valor de retorno de la funci\u00f3n snprintf, lo cual permite a servidores DHCP remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un mensaje manipulado."
}
],
"id": "CVE-2014-7913",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-30T00:59:01.287",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securitytracker.com/id/1033124"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-7912
Vulnerability from fkie_nvd - Published: 2015-07-30 00:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dhcpcd_project | dhcpcd | * | |
| android | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F591099A-EACA-401B-968E-62A42350CDB9",
"versionEndIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message."
},
{
"lang": "es",
"value": "Vulnerabilidad en la funci\u00f3n get_option en dhcp.c en las versiones de dhcpcd anteriores a la 6.2.0, usado en dhcpcd 5.x, en Android en versiones anteriores a la 5.1 y otros productos, no valida la relaci\u00f3n entre la longitud de los campos y la cantidad de datos, lo cual permite a servidores DHCP remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un valor de gr\u00e1n longitud de una opci\u00f3n en un mensaje DHCPACK."
}
],
"id": "CVE-2014-7912",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-30T00:59:00.163",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securitytracker.com/id/1033124"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-093/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-093/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-11766 (GCVE-0-2019-11766)
Vulnerability from cvelistv5 – Published: 2019-05-05 05:18 – Updated: 2024-08-04 23:03
VLAI?
Summary
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/928440"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002428.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=896ef4a54b0578985e5e1360b141593f1d62837b"
},
{
"name": "108172",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-07T13:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/928440"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002428.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=896ef4a54b0578985e5e1360b141593f1d62837b"
},
{
"name": "108172",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/928440",
"refsource": "MISC",
"url": "https://bugs.debian.org/928440"
},
{
"name": "https://roy.marples.name/archives/dhcpcd-discuss/0002428.html",
"refsource": "MISC",
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002428.html"
},
{
"name": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8",
"refsource": "MISC",
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8"
},
{
"name": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=896ef4a54b0578985e5e1360b141593f1d62837b",
"refsource": "MISC",
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=896ef4a54b0578985e5e1360b141593f1d62837b"
},
{
"name": "108172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11766",
"datePublished": "2019-05-05T05:18:14",
"dateReserved": "2019-05-05T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11579 (GCVE-0-2019-11579)
Vulnerability from cvelistv5 – Published: 2019-04-28 15:22 – Updated: 2024-08-04 22:55
VLAI?
Summary
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108090"
},
{
"name": "[debian-lts-announce] 20190519 [SECURITY] [DLA 1793-1] dhcpcd5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-19T20:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108090"
},
{
"name": "[debian-lts-announce] 20190519 [SECURITY] [DLA 1793-1] dhcpcd5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html",
"refsource": "MISC",
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"name": "https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8",
"refsource": "MISC",
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8"
},
{
"name": "108090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108090"
},
{
"name": "[debian-lts-announce] 20190519 [SECURITY] [DLA 1793-1] dhcpcd5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11579",
"datePublished": "2019-04-28T15:22:37",
"dateReserved": "2019-04-28T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11578 (GCVE-0-2019-11578)
Vulnerability from cvelistv5 – Published: 2019-04-28 15:22 – Updated: 2024-08-04 22:55
VLAI?
Summary
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:41.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T11:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html",
"refsource": "MISC",
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"name": "https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233",
"refsource": "MISC",
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233"
},
{
"name": "https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da",
"refsource": "MISC",
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da"
},
{
"name": "https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e",
"refsource": "MISC",
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e"
},
{
"name": "108090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11578",
"datePublished": "2019-04-28T15:22:24",
"dateReserved": "2019-04-28T00:00:00",
"dateUpdated": "2024-08-04T22:55:41.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11577 (GCVE-0-2019-11577)
Vulnerability from cvelistv5 – Published: 2019-04-28 15:22 – Updated: 2024-08-04 22:55
VLAI?
Summary
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:41.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T11:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6",
"refsource": "MISC",
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6"
},
{
"name": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html",
"refsource": "MISC",
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"name": "108090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11577",
"datePublished": "2019-04-28T15:22:10",
"dateReserved": "2019-04-28T00:00:00",
"dateUpdated": "2024-08-04T22:55:41.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1504 (GCVE-0-2016-1504)
Vulnerability from cvelistv5 – Published: 2017-02-07 15:00 – Updated: 2024-08-05 22:55
VLAI?
Summary
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160107 CVE id request: dhcpcd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/3"
},
{
"name": "[oss-security] 20160107 Re: CVE id request: dhcpcd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403"
},
{
"name": "GLSA-201606-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk\u0026nd\u0026c=2016-01-07+16%3A47%3A19\u0026n=200"
},
{
"name": "1034601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160107 CVE id request: dhcpcd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/3"
},
{
"name": "[oss-security] 20160107 Re: CVE id request: dhcpcd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403"
},
{
"name": "GLSA-201606-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk\u0026nd\u0026c=2016-01-07+16%3A47%3A19\u0026n=200"
},
{
"name": "1034601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160107 CVE id request: dhcpcd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/3"
},
{
"name": "[oss-security] 20160107 Re: CVE id request: dhcpcd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/4"
},
{
"name": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403",
"refsource": "CONFIRM",
"url": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403"
},
{
"name": "GLSA-201606-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"name": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk\u0026nd\u0026c=2016-01-07+16%3A47%3A19\u0026n=200",
"refsource": "CONFIRM",
"url": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk\u0026nd\u0026c=2016-01-07+16%3A47%3A19\u0026n=200"
},
{
"name": "1034601",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1504",
"datePublished": "2017-02-07T15:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1503 (GCVE-0-2016-1503)
Vulnerability from cvelistv5 – Published: 2016-04-18 00:00 – Updated: 2024-08-05 22:55
VLAI?
Summary
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201606-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name": "HPSBPI03554",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388711"
},
{
"name": "1034601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201606-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name": "HPSBPI03554",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388711"
},
{
"name": "1034601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201606-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"name": "https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"
},
{
"name": "http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30",
"refsource": "CONFIRM",
"url": "http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30"
},
{
"name": "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name": "HPSBPI03554",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388711"
},
{
"name": "1034601",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1503",
"datePublished": "2016-04-18T00:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6699 (GCVE-0-2012-6699)
Vulnerability from cvelistv5 – Published: 2016-04-11 15:00 – Updated: 2024-08-06 21:36
VLAI?
Summary
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-11T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"name": "https://launchpadlibrarian.net/228152582/dhcp.c.patch",
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6699",
"datePublished": "2016-04-11T15:00:00",
"dateReserved": "2015-12-03T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6698 (GCVE-0-2012-6698)
Vulnerability from cvelistv5 – Published: 2016-04-11 15:00 – Updated: 2024-08-06 21:36
VLAI?
Summary
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-11T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"name": "https://launchpadlibrarian.net/228152582/dhcp.c.patch",
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6698",
"datePublished": "2016-04-11T15:00:00",
"dateReserved": "2015-12-03T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6700 (GCVE-0-2012-6700)
Vulnerability from cvelistv5 – Published: 2016-04-11 15:00 – Updated: 2024-08-06 21:36
VLAI?
Summary
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-11T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"name": "https://launchpadlibrarian.net/228152582/dhcp.c.patch",
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6700",
"datePublished": "2016-04-11T15:00:00",
"dateReserved": "2015-12-03T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7913 (GCVE-0-2014-7913)
Vulnerability from cvelistv5 – Published: 2015-07-30 00:00 – Updated: 2024-08-06 13:03
VLAI?
Summary
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033124",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "1033124",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033124",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033124"
},
{
"name": "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2014-7913",
"datePublished": "2015-07-30T00:00:00",
"dateReserved": "2014-10-06T00:00:00",
"dateUpdated": "2024-08-06T13:03:27.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11766 (GCVE-0-2019-11766)
Vulnerability from nvd – Published: 2019-05-05 05:18 – Updated: 2024-08-04 23:03
VLAI?
Summary
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/928440"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002428.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=896ef4a54b0578985e5e1360b141593f1d62837b"
},
{
"name": "108172",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-07T13:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/928440"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002428.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=896ef4a54b0578985e5e1360b141593f1d62837b"
},
{
"name": "108172",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/928440",
"refsource": "MISC",
"url": "https://bugs.debian.org/928440"
},
{
"name": "https://roy.marples.name/archives/dhcpcd-discuss/0002428.html",
"refsource": "MISC",
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002428.html"
},
{
"name": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8",
"refsource": "MISC",
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8"
},
{
"name": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=896ef4a54b0578985e5e1360b141593f1d62837b",
"refsource": "MISC",
"url": "https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7\u0026id=896ef4a54b0578985e5e1360b141593f1d62837b"
},
{
"name": "108172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11766",
"datePublished": "2019-05-05T05:18:14",
"dateReserved": "2019-05-05T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11579 (GCVE-0-2019-11579)
Vulnerability from nvd – Published: 2019-04-28 15:22 – Updated: 2024-08-04 22:55
VLAI?
Summary
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108090"
},
{
"name": "[debian-lts-announce] 20190519 [SECURITY] [DLA 1793-1] dhcpcd5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-19T20:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108090"
},
{
"name": "[debian-lts-announce] 20190519 [SECURITY] [DLA 1793-1] dhcpcd5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html",
"refsource": "MISC",
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"name": "https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8",
"refsource": "MISC",
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8"
},
{
"name": "108090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108090"
},
{
"name": "[debian-lts-announce] 20190519 [SECURITY] [DLA 1793-1] dhcpcd5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11579",
"datePublished": "2019-04-28T15:22:37",
"dateReserved": "2019-04-28T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11578 (GCVE-0-2019-11578)
Vulnerability from nvd – Published: 2019-04-28 15:22 – Updated: 2024-08-04 22:55
VLAI?
Summary
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:41.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T11:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html",
"refsource": "MISC",
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"name": "https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233",
"refsource": "MISC",
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233"
},
{
"name": "https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da",
"refsource": "MISC",
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da"
},
{
"name": "https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e",
"refsource": "MISC",
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e"
},
{
"name": "108090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11578",
"datePublished": "2019-04-28T15:22:24",
"dateReserved": "2019-04-28T00:00:00",
"dateUpdated": "2024-08-04T22:55:41.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11577 (GCVE-0-2019-11577)
Vulnerability from nvd – Published: 2019-04-28 15:22 – Updated: 2024-08-04 22:55
VLAI?
Summary
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:41.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T11:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"name": "108090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6",
"refsource": "MISC",
"url": "https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6"
},
{
"name": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html",
"refsource": "MISC",
"url": "https://roy.marples.name/archives/dhcpcd-discuss/0002415.html"
},
{
"name": "108090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11577",
"datePublished": "2019-04-28T15:22:10",
"dateReserved": "2019-04-28T00:00:00",
"dateUpdated": "2024-08-04T22:55:41.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1504 (GCVE-0-2016-1504)
Vulnerability from nvd – Published: 2017-02-07 15:00 – Updated: 2024-08-05 22:55
VLAI?
Summary
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160107 CVE id request: dhcpcd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/3"
},
{
"name": "[oss-security] 20160107 Re: CVE id request: dhcpcd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403"
},
{
"name": "GLSA-201606-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk\u0026nd\u0026c=2016-01-07+16%3A47%3A19\u0026n=200"
},
{
"name": "1034601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160107 CVE id request: dhcpcd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/3"
},
{
"name": "[oss-security] 20160107 Re: CVE id request: dhcpcd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403"
},
{
"name": "GLSA-201606-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk\u0026nd\u0026c=2016-01-07+16%3A47%3A19\u0026n=200"
},
{
"name": "1034601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160107 CVE id request: dhcpcd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/3"
},
{
"name": "[oss-security] 20160107 Re: CVE id request: dhcpcd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/4"
},
{
"name": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403",
"refsource": "CONFIRM",
"url": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403"
},
{
"name": "GLSA-201606-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"name": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk\u0026nd\u0026c=2016-01-07+16%3A47%3A19\u0026n=200",
"refsource": "CONFIRM",
"url": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk\u0026nd\u0026c=2016-01-07+16%3A47%3A19\u0026n=200"
},
{
"name": "1034601",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1504",
"datePublished": "2017-02-07T15:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1503 (GCVE-0-2016-1503)
Vulnerability from nvd – Published: 2016-04-18 00:00 – Updated: 2024-08-05 22:55
VLAI?
Summary
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201606-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name": "HPSBPI03554",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388711"
},
{
"name": "1034601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201606-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name": "HPSBPI03554",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388711"
},
{
"name": "1034601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201606-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-07"
},
{
"name": "https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"
},
{
"name": "http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30",
"refsource": "CONFIRM",
"url": "http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30"
},
{
"name": "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name": "HPSBPI03554",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388711"
},
{
"name": "1034601",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1503",
"datePublished": "2016-04-18T00:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6699 (GCVE-0-2012-6699)
Vulnerability from nvd – Published: 2016-04-11 15:00 – Updated: 2024-08-06 21:36
VLAI?
Summary
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-11T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"name": "https://launchpadlibrarian.net/228152582/dhcp.c.patch",
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6699",
"datePublished": "2016-04-11T15:00:00",
"dateReserved": "2015-12-03T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6698 (GCVE-0-2012-6698)
Vulnerability from nvd – Published: 2016-04-11 15:00 – Updated: 2024-08-06 21:36
VLAI?
Summary
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-11T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"name": "https://launchpadlibrarian.net/228152582/dhcp.c.patch",
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6698",
"datePublished": "2016-04-11T15:00:00",
"dateReserved": "2015-12-03T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6700 (GCVE-0-2012-6700)
Vulnerability from nvd – Published: 2016-04-11 15:00 – Updated: 2024-08-06 21:36
VLAI?
Summary
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-11T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
},
{
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"name": "https://launchpadlibrarian.net/228152582/dhcp.c.patch",
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6700",
"datePublished": "2016-04-11T15:00:00",
"dateReserved": "2015-12-03T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}