CVE-2012-3954
Published 2012-07-25
Priority: P4·16·low
CVSS 2.0: 3.3·AV:A/AC:L/Au:N/C:N/I:N/A:P
EPSS: 4.33% (90.0th percentile)
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | isc-dhcp | < isc-dhcp 4.2.4-2 (bookworm) | isc-dhcp 4.2.4-2 (bookworm) |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
CVSS provenance
nvd·v2.0·3.3·LOW·AV:A/AC:L/Au:N/C:N/I:N/A:P
osv·3.3·LOW
vendor_ubuntu·6.1·MEDIUM
vendor_debian·3.3·LOW
vendor_redhat·3.3·LOW
Ubuntu
DHCP vulnerabilities
vendor_ubuntu·2012-07-26·CVSS 6.1
CVE-2012-3571 [MEDIUM] DHCP vulnerabilities
Title: DHCP vulnerabilities
Summary: DHCP could be made to crash if it received specially crafted network
traffic.
Markus Hietava discovered that the DHCP server incorrectly handled certain
malformed client identifiers. A remote attacker could use this issue to
cause DHCP to crash, resulting in a denial of service. (CVE-2012-3571)
Glen Eustace discovered that the DHCP server incorrectly handled memory. A
remote attacker could use this issue to cause DHCP to crash, resulting in a
denial of service. (CVE-2012-3954)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
dhcp: two memory leaks may result in DoS
vendor_redhat·2012-07-24·CVSS 3.3
CVE-2012-3954 [LOW] CWE-401 dhcp: two memory leaks may result in DoS
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
Package: dhcp (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2012-3954: isc-dhcp - Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV be...
vendor_debian·2012·CVSS 3.3
CVE-2012-3954 [LOW] CVE-2012-3954: isc-dhcp - Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV be...
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
Scope: local
bookworm: resolved (fixed in 4.2.4-2)
bullseye: resolved (fixed in 4.2.4-2)
sid: resolved (fixed in 4.2.4-2)
trixie: resolved (fixed in 4.2.4-2)
GHSA
GHSA-v4rv-fwvg-94r2: Multiple memory leaks in ISC DHCP 4
ghsa_unreviewed·2022-05-13
CVE-2012-3954 [LOW] GHSA-v4rv-fwvg-94r2: Multiple memory leaks in ISC DHCP 4
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
OSV
CVE-2012-3954: Multiple memory leaks in ISC DHCP 4
osv·2012-07-25·CVSS 3.3
CVE-2012-3954 [LOW] CVE-2012-3954: Multiple memory leaks in ISC DHCP 4
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 dhcp various flaws [fedora-all]
bugzilla·2012-07-24·CVSS 5.7
CVE-2012-3570 [MEDIUM] CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 dhcp various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&b
Bugzilla
CVE-2012-3954 dhcp: two memory leaks may result in DoS
bugzilla·2012-07-23·CVSS 3.3
CVE-2012-3954 [LOW] CVE-2012-3954 dhcp: two memory leaks may result in DoS
ISC has discovered and fixed two memory leaks in the DHCP code. One of the
leaks only affects servers running in DHCPv6 mode. The other is known to
affect a server running in DHCPv6 mode but could potentially occur on
servers running in DHCPv4 mode as well. In both cases the server can leak a
small amount of memory while processing messages. The amount leaked per
iteration is small and the leak will not cause problems in many cases.
However on a server that is run for a long period without re-starting or a
server handling an extraordinary amount of traffic from the clients the
leak could consume all memory available to the DHCP server process,
preventing further operation by the DHCP server process and potentially
interfering with oth
References
http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html
http://rhn.redhat.com/errata/RHSA-2012-1141.html
http://security.gentoo.org/glsa/glsa-201301-06.xml
http://www.debian.org/security/2012/dsa-2516
http://www.debian.org/security/2012/dsa-2519
http://www.mandriva.com/security/advisories?name=MDVSA-2012:115
http://www.mandriva.com/security/advisories?name=MDVSA-2012:116
http://www.securityfocus.com/bid/54665
http://www.securitytracker.com/id?1027300
http://www.ubuntu.com/usn/USN-1519-1
https://kb.isc.org/article/AA-00737