CVE-2010-3611 — NULL Pointer Dereference in Dhcp

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

7.6%

top 8.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Dhcp

Timeline

PublishedNov 4

Latest updateMay 17

Description

ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDisc/dhcp6 versions+5

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-3q9m-cg52-56rj: ISC DHCP server 4↗2022-05-17

▶

CVEList

CVE-2010-3611: ISC DHCP server 4↗2010-11-04

▶

OSV

CVE-2010-3611: ISC DHCP server 4↗2010-11-04

▶

📋Vendor Advisories

Red Hat

dhcp: NULL pointer dereference crash via crafted DHCPv6 packet↗2010-11-02

▶

Debian

CVE-2010-3611: isc-dhcp - ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allo...↗2010

▶

💬Community

Bugzilla

CVE-2010-3611 dhcp: NULL pointer dereference crash via crafted DHCPv6 packet↗2010-11-04

▶

Bugzilla

CVE-2010-3611 dhcp: DoS via crafted DHCPv6 packet [fedora-all]↗2010-11-04

▶