Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-3571

CWE-119 — Buffer Overflow11 documents9 sources

Severity

6.1MEDIUM

EPSS

20.6%

top 4.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Canonical Ubuntu Linux Debian Debian Linux ISC Dhcp

Timeline

PublishedJul 25

Latest updateMay 13

Description

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages2 packages

▶Debianisc-dhcp< 4.2.4-2+2

▶NVDisc/dhcp7 versions+6

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 11.04, 11.10, 12.04

🔴Vulnerability Details

GHSA

GHSA-2fx4-27pj-8f74: ISC DHCP 4↗2022-05-13

▶

CVEList

CVE-2012-3571: ISC DHCP 4↗2012-07-25

▶

OSV

CVE-2012-3571: ISC DHCP 4↗2012-07-25

▶

💥Exploits & PoCs

Exploit-DB

ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities↗2012-07-25

▶

📋Vendor Advisories

Ubuntu

DHCP vulnerabilities↗2012-07-26

▶

Red Hat

dhcp: DoS due to error in handling malformed client identifiers↗2012-07-24

▶

Red Hat

OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)↗2012-02-14

▶

Debian

CVE-2012-3571: isc-dhcp - ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attacke...↗2012

▶

💬Community

Bugzilla

CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 dhcp various flaws [fedora-all]↗2012-07-24

▶

Bugzilla

CVE-2012-3571 dhcp: DoS due to error in handling malformed client identifiers↗2012-07-23

▶