CVE-2011-4868

CWE-3998 documents7 sources

Severity

6.1MEDIUM

EPSS

0.8%

top 25.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Dhcp

Timeline

PublishedJan 15

Latest updateMay 17

Description

The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages2 packages

▶Debianisc-dhcp< 4.2.2.dfsg.1-5+2

▶NVDisc/dhcp4.2.3+14

🔴Vulnerability Details

GHSA

GHSA-q3c7-f665-h5rw: The logging functionality in dhcpd in ISC DHCP before 4↗2022-05-17

▶

CVEList

CVE-2011-4868: The logging functionality in dhcpd in ISC DHCP before 4↗2012-01-15

▶

OSV

CVE-2011-4868: The logging functionality in dhcpd in ISC DHCP before 4↗2012-01-15

▶

📋Vendor Advisories

Red Hat

dhcp: error in DDNS processing of DHCPv6 leases can cause ISC dhcpd crash↗2012-01-12

▶

Debian

CVE-2011-4868: isc-dhcp - The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynam...↗2011

▶

💬Community

Bugzilla

CVE-2011-4868 CVE-2011-4868 ISC DHCP Error in DDNS Processing of DHCPv6 Leases Can Cause a Crash in ISC dhcpd [fedora-all]↗2012-01-13

▶

Bugzilla

CVE-2011-4868 dhcp: error in DDNS processing of DHCPv6 leases can cause ISC dhcpd crash↗2012-01-13

▶