CVE-2012-2152
published 2012-07-25
CVE-2012-2152: Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly…
Priority P339 high 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.00% (89.2th percentile)
Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dhcpcd | < dhcpcd 1:3.2.3-11 (forky) | dhcpcd 1:3.2.3-11 (forky) |
| dhcpcd_project | dhcpcd | >= 0 < 1:3.2.3-11 | 1:3.2.3-11 |
| dhcpcd_project | dhcpcd | >= 0 < 1:3.2.3-11 | 1:3.2.3-11 |
| roy_marples | dhcpcd | — | — |
CVSS provenance
nvd v2.0 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
osv 7.5 HIGH
vendor_debian 7.5 HIGH
GHSA
GHSA-w9m7-rxrq-4665: Stack-based buffer overflow in the get_packet method in socket
ghsa_unreviewed·2022-05-17
CVE-2012-2152 [HIGH] CWE-119 GHSA-w9m7-rxrq-4665: Stack-based buffer overflow in the get_packet method in socket
OSV
CVE-2012-2152: Stack-based buffer overflow in the get_packet method in socket
osv·2012-07-25·CVSS 7.5
CISA ICS
Advantech EKI Vulnerabilities (Update B)
cisa_ics·2015-12-15
ICS Advisory
Last Revised: August 23, 2018
Alert Code: ICSA-15-344-01B
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-15-344-01A Advantech EKI Vulnerabilities that was published December 15, 2015, on the NCCIC/ICS-CERT web site.
## --------- Begin Update B Part 1 of 3 --------
HD Moore of Rapid7 identified several vulnerabilities in Advantech’s EKI. Advantech has released updated firmware to mitigate these vulnerabilities.
## --------- End Update B Part 1 of 3 --------
These vulnerabilities could be exploited remo
Debian
CVE-2012-2152: dhcpcd - Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3...
vendor_debian·2012·CVSS 7.5
Scope: local
forky: resolved (fixed in 1:3.2.3-11)
sid: resolved (fixed in 1:3.2.3-11)
trixie: resolved (fixed in 1:3.2.3-11)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.debian.org/security/2012/dsa-2498
http://www.openwall.com/lists/oss-security/2012/05/02/4
http://www.openwall.com/lists/oss-security/2012/05/02/5
http://www.securityfocus.com/bid/53354
https://bugzilla.novell.com/show_bug.cgi?id=760334
Published: 2012-07-25