CVE-2020-13529
published 2021-05-10

Medium 6.1 (CVSS 3.1)
AV:A AC:H PR:N UI:N S:C C:N I:N A:H
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.

Affected

10 ranges
Vendor | Product | Version range | Fixed in
debian | systemd | < systemd 249.4-2 (bookworm) | systemd 249.4-2 (bookworm)
fedoraproject | fedora | |
systemd_project | systemd | |
systemd_project | systemd | |
systemd_project | systemd | >= 0 < 249.4-2 | 249.4-2
systemd_project | systemd | >= 0 < 249.4-2 | 249.4-2
systemd_project | systemd | >= 0 < 249.4-2 | 249.4-2
systemd_project | systemd | >= 0 < 237-3ubuntu10.49 | 237-3ubuntu10.49
systemd_project | systemd | >= 0 < 245.4-4ubuntu3.10 | 245.4-4ubuntu3.10
systemd_project | systemd | >= 0 < 229-4ubuntu21.31+esm1 | 229-4ubuntu21.31+esm1

CVSS provenance

nvd: v3.1, 6.1 MEDIUM, CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
osv: 6.1 MEDIUM