CVE-2010-3616

CWE-20 — Improper Input Validation7 documents6 sources

Severity

5.0MEDIUM

EPSS

8.4%

top 7.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Dhcp

Timeline

PublishedDec 17

Latest updateMay 17

Description

ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDisc/dhcp4.2.0

🔴Vulnerability Details

GHSA

GHSA-vgq6-5774-xvfp: ISC DHCP server 4↗2022-05-17

▶

CVEList

CVE-2010-3616: ISC DHCP server 4↗2010-12-17

▶

📋Vendor Advisories

Red Hat

dhcp: server hangs with TCP to failover peer port↗2010-12-07

▶

Debian

CVE-2010-3616: isc-dhcp - ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnership...↗2010

▶

💬Community

Bugzilla

CVE-2010-3616 dhcp: server hangs with TCP to failover peer port↗2010-12-11

▶

Bugzilla

CVE-2010-3616 dhcp: server hangs with TCP to failover peer port [fedora-14]↗2010-12-11

▶