CVE-2010-3611
published 2010-11-04
CVE-2010-3611: ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and…
Priority: P424 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 9.40% (94.8th percentile)
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | isc-dhcp | < isc-dhcp 4.1.1-P1-14 (bookworm) | isc-dhcp 4.1.1-P1-14 (bookworm) |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
CVSS provenance
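| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |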
GHSA
GHSA-3q9m-cg52-56rj: ISC DHCP server 4
ghsa_unreviewed·2022-05-17
CVE-2010-3611 [MEDIUM] GHSA-3q9m-cg52-56rj: ISC DHCP server 4
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
OSV
CVE-2010-3611: ISC DHCP server 4
osv·2010-11-04·CVSS 4.3
CVE-2010-3611 [MEDIUM] CVE-2010-3611: ISC DHCP server 4
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
Red Hat
dhcp: NULL pointer dereference crash via crafted DHCPv6 packet
vendor_redhat·2010-11-02·CVSS 4.3
CVE-2010-3611 [MEDIUM] CWE-476 dhcp: NULL pointer dereference crash via crafted DHCPv6 packet
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
Statement: This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include support for DHCPv6.
Debian
CVE-2010-3611: isc-dhcp - ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allo...
vendor_debian·2010·CVSS 4.3
CVE-2010-3611 [MEDIUM] CVE-2010-3611: isc-dhcp - ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allo...
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
Scope: local
bookworm: resolved (fixed in 4.1.1-P1-14)
bullseye: resolved (fixed in 4.1.1-P1-14)
sid: resolved (fixed in 4.1.1-P1-14)
trixie: resolved (fixed in 4.1.1-P1-14)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-3611 dhcp: NULL pointer dereference crash via crafted DHCPv6 packet
bugzilla·2010-11-04·CVSS 4.3
CVE-2010-3611 [MEDIUM] CVE-2010-3611 dhcp: NULL pointer dereference crash via crafted DHCPv6 packet
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3611 to
the following vulnerability:
Name: CVE-2010-3611
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3611
Assigned: 20100927
Reference: CONFIRM: http://www.isc.org/software/dhcp/advisories/cve-2010-3611
Reference: CERT-VN:VU#102047
Reference: URL: http://www.kb.cert.org/vuls/id/102047
Reference: BID:44615
Reference: URL: http://www.securityfocus.com/bid/44615
Reference: SECUNIA:42082
Reference: URL: http://secunia.com/advisories/42082
Reference: VUPEN:ADV-2010-2879
Reference: URL: http://www.vupen.com/english/advisories/2010/2879
Reference: XF:iscdhcp-relayforward-dos(62965)
Reference: URL: http://xforce.iss.net/xforce/xfdb/6296
Bugzilla
CVE-2010-3611 dhcp: DoS via crafted DHCPv6 packet [fedora-all]
bugzilla·2010-11-04·CVSS 4.3
CVE-2010-3611 [MEDIUM] CVE-2010-3611 dhcp: DoS via crafted DHCPv6 packet [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=649877
Please note: this issue affects multiple supported v
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
http://osvdb.org/68999
http://secunia.com/advisories/42082
http://secunia.com/advisories/42345
http://secunia.com/advisories/42407
http://www.isc.org/software/dhcp/advisories/cve-2010-3611
http://www.kb.cert.org/vuls/id/102047
http://www.mandriva.com/security/advisories?name=MDVSA-2010:226
http://www.redhat.com/support/errata/RHSA-2010-0923.html
http://www.securityfocus.com/bid/44615
http://www.vupen.com/english/advisories/2010/2879
http://www.vupen.com/english/advisories/2010/3044
http://www.vupen.com/english/advisories/2010/3092
https://bugzilla.redhat.com/show_bug.cgi?id=649877
https://exchange.xforce.ibmcloud.com/vulnerabilities/62965
Published: 2010-11-04