CVE-2011-2748

CWE-20 — Improper Input Validation9 documents8 sources

Severity

7.8HIGH

EPSS

87.8%

top 0.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux Debian Debian Linux ISC Dhcp

Timeline

PublishedAug 15

Latest updateMay 13

Description

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶Debianisc-dhcp< 4.2.2-1+2

▶NVDisc/dhcp25 versions+24

Also affects: Debian Linux 5.0, 6.0, 7.0, Ubuntu Linux 10.04, 10.10, 11.04, 8.04

Patches

Patch: www.isc.org ↗Patch: www.isc.org ↗

🔴Vulnerability Details

GHSA

GHSA-xm4m-62pf-w44f: The server in ISC DHCP 3↗2022-05-13

▶

CVEList

CVE-2011-2748: The server in ISC DHCP 3↗2011-08-15

▶

OSV

CVE-2011-2748: The server in ISC DHCP 3↗2011-08-15

▶

📋Vendor Advisories

Ubuntu

DHCP vulnerabilities↗2011-08-15

▶

Red Hat

dhcp: denial of service flaws↗2011-08-10

▶

Debian

CVE-2011-2748: isc-dhcp - The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and ...↗2011

▶

💬Community

Bugzilla

CVE-2011-2748 CVE-2011-2749 dhcp various flaws [fedora-all]↗2011-08-11

▶

Bugzilla

CVE-2011-2748 CVE-2011-2749 dhcp: denial of service flaws↗2011-08-09

▶