CVE-2015-8605
published 2016-01-14

Priority: P340, medium
CVSS 3.0: 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 76.45% (99.5th percentile)
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianisc-dhcp< isc-dhcp 4.3.3-7 (bookworm)isc-dhcp 4.3.3-7 (bookworm)
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp
iscdhcp

Detection & IOCs

  • The vulnerability is triggered by a malformed UDP IPv4 packet with an invalid (attacker-controlled) length field sent to a DHCP server, client, or relay. Monitor for DHCP processes (dhcpd, dhclient, dhcrelay) crashing unexpectedly, which may indicate exploitation attempts.
  • The attack vector is network-based (UDP, standard DHCP ports). The exploit is most practical when the DHCP process is a 32-bit binary running on a 64-bit OS, where stack memory can be placed near the end of the 32-bit address space. ASLR may cause only some invocations to be vulnerable.
  • Red Hat Enterprise Linux 5, 6, and 7 ship only 64-bit DHCP packages; the wraparound condition cannot be triggered on those platforms, so they are assessed as not practically affected.
  • The attacker-controlled offset is bounded by the maximum UDP packet length (~64 KB / 2^16), meaning exploitation requires the stack buffer to be placed within ~64 KB of the top of the 32-bit address space, a condition influenced by ASLR.

CVSS provenance

nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd | v2.0 | 5.7 | MEDIUM | AV:A/AC:M/Au:N/C:N/I:N/A:C
osv | | 6.5 | MEDIUM |
vendor_debian | | 6.5 | MEDIUM |
vendor_redhat | | 6.5 | MEDIUM |