fkie_cve-2012-3954
Vulnerability from fkie_nvd
Published
2012-07-25 10:42
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-08/msg00030.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-1141.htmlThird Party Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-201301-06.xmlThird Party Advisory
cve@mitre.orghttp://www.debian.org/security/2012/dsa-2516Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2012/dsa-2519Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2012:115Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2012:116Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/54665Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id?1027300Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1519-1Third Party Advisory
cve@mitre.orghttps://kb.isc.org/article/AA-00737Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1141.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201301-06.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2516Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2519Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:116Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/54665Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027300Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1519-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/article/AA-00737Vendor Advisory
Impacted products
Vendor Product Version
isc dhcp 4.1.0
isc dhcp 4.1.0
isc dhcp 4.1.0
isc dhcp 4.1.0
isc dhcp 4.1.1
isc dhcp 4.1.1
isc dhcp 4.1.1
isc dhcp 4.1.1
isc dhcp 4.1.1
isc dhcp 4.1.2
isc dhcp 4.1.2
isc dhcp 4.1.2
isc dhcp 4.1.2
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.1
isc dhcp 4.2.1
isc dhcp 4.2.1
isc dhcp 4.2.2
isc dhcp 4.2.2
isc dhcp 4.2.2
isc dhcp 4.2.3
isc dhcp 4.2.3
isc dhcp 4.2.3
isc dhcp 4.2.4
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
debian debian_linux 6.0
debian debian_linux 7.0
canonical ubuntu_linux 11.04
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "40C764F4-8FAD-477E-92E5-79D234673478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "36045DDB-48C6-48CA-AAAF-A3487EF7A537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "ECA81B95-97B7-4A56-A448-6E5DB6FA5F76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*",
              "matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
              "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "9B63D409-60F5-4AB9-A576-8672D42E071E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9A1C3F3E-CFB2-40F2-89F4-735AAE042F65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65689412-A35D-40B9-8671-DE8FF63C3DCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
              "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
              "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
              "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
              "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
              "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*",
              "matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*",
              "matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*",
              "matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples fugas de memoria en ISC DHCP 4.1.x y 4.2.x anterior a 4.2.4-P1 y 4.1-ESV anterior a 4.1-ESV-R6, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante el env\u00edo de multitud de peticiones."
    }
  ],
  "id": "CVE-2012-3954",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-25T10:42:35.913",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2516"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2519"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/54665"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1027300"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1519-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-00737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/54665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1027300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1519-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-00737"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.