github - ghsa-fpv7-2967-vrc5

ghsa-fpv7-2967-vrc5

Vulnerability from github

Published

2022-05-13 01:27

Modified

2025-04-12 12:55

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-8605"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-01-14T22:59:00Z",
    "severity": "MODERATE"
  },
  "details": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.",
  "id": "GHSA-fpv7-2967-vrc5",
  "modified": "2025-04-12T12:55:51Z",
  "published": "2022-05-13T01:27:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8605"
    },
    {
      "type": "WEB",
      "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released"
    },
    {
      "type": "WEB",
      "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/article/AA-01334"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3442"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/80703"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034657"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2868-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2015-8605 (GCVE-0-2015-8605)

Vulnerability from cvelistv5

Published

2016-01-14 22:00

Modified

2024-08-06 08:20

Severity ?

CWE

Summary

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

References

URL

Tags

	http://www.securitytracker.com/id/1034657	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html	vendor-advisory, x_refsource_SUSE
	https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/	x_refsource_CONFIRM
	https://kb.isc.org/article/AA-01334	x_refsource_CONFIRM
	https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2016/dsa-3442	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2868-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html	vendor-advisory, x_refsource_FEDORA
	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/80703	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website