CVE-2015-8605

CWE-20 — Improper Input Validation CWE-190 — Integer Overflow CWE-125 — Out-of-bounds Read9 documents8 sources

Severity

6.5MEDIUM

EPSS

43.4%

top 2.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sophos Unified Threat Management Up2date Canonical Ubuntu Linux Debian Debian Linux +1 more

Timeline

PublishedJan 14

Latest updateMay 13

Description

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Debianisc-dhcp< 4.3.3-7+2

▶NVDisc/dhcp21 versions+20

▶NVDsophos/unified_threat_management_up2date9.318+1

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

GHSA

GHSA-fpv7-2967-vrc5: ISC DHCP 4↗2022-05-13

▶

OSV

CVE-2015-8605: ISC DHCP 4↗2016-01-14

▶

CVEList

CVE-2015-8605: ISC DHCP 4↗2016-01-14

▶

📋Vendor Advisories

Ubuntu

DHCP vulnerability↗2016-01-13

▶

Red Hat

dhcp: UDP payload length not properly checked↗2016-01-12

▶

Debian

CVE-2015-8605: isc-dhcp - ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remo...↗2015

▶

💬Community

Bugzilla

CVE-2015-8605 dhcp: UDP payload length not properly checked [fedora-all]↗2016-01-13

▶

Bugzilla

CVE-2015-8605 dhcp: UDP payload length not properly checked↗2016-01-11

▶