CVE-2011-2717 — Injection in Dhcp6c

CWE-74 — Injection4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 28.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Dhcp6c Dhcpv6 Project Dhcpv6 Redhat Enterprise Linux

Timeline

PublishedNov 27

Latest updateApr 22

Description

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dhcpv6_project/dhcpv6through 2011-07-25

▶NVDlinux/dhcp6c2011-07-25

Also affects: Enterprise Linux 4.0, 5.0

🔴Vulnerability Details

GHSA

GHSA-4wfc-527w-m6mj: The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacha↗2022-04-22

▶

📋Vendor Advisories

Red Hat

dhcpv6: insufficient checking of DHCP options↗2011-04-05

▶

💬Community

Bugzilla

CVE-2011-2717 dhcpv6: insufficient checking of DHCP options↗2011-07-25

▶