CVE-2007-0062

CWE-119 — Buffer Overflow CWE-1896 documents6 sources

Severity

10.0CRITICAL

EPSS

5.4%

top 9.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ACE Vmware Player Vmware Server +2 more

Timeline

PublishedSep 21

Latest updateMay 1

Description

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-m…

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDvmware/player1.0.4, 2.0+1

▶NVDvmware/server1.0.3

▶NVDvmware/workstation13 versions+12

▶NVDvmware/vmware_workstation6.0.1

▶NVDvmware/ace1.0.3, 2.0+1

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-g7fq-vjjh-pwc3: Integer overflow in the ISC dhcpd 3↗2022-05-01

▶

CVEList

CVE-2007-0062: Integer overflow in the ISC dhcpd 3↗2007-09-21

▶

📋Vendor Advisories

Ubuntu

VMWare vulnerabilities↗2007-11-15

▶

Red Hat

dhcpd possible DoS via large max-message-size option↗2007-09-19

▶

💬Community

Bugzilla

CVE-2007-0062 dhcpd possible DoS via large max-message-size option↗2007-10-19

▶