CVE-2021-25217

CWE-119Buffer Overflow9 documents8 sources
Severity
7.4HIGH
EPSS
0.3%
top 46.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
ISC ISC DhcpSiemens Ruggedcom ROX Mx5000 FirmwareSiemens Ruggedcom ROX Rx1400 Firmware+12 more
Timeline
PublishedMay 26
Latest updateMay 24

Description

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages14 packages

CVEListV5isc/isc_dhcp4.1 ESV4.1-ESV-R16-P1+1
Debianisc-dhcp< 4.4.1-2.3+2
NVDisc/dhcp4.4.04.4.2+1
NVDsiemens/sinec_ins< 1.0+1

Also affects: Debian Linux 9.0, Fedora 33, 34

Patches

Patch: www.openwall.comPatch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

3
GHSA
GHSA-pf98-cx5w-r49r: In ISC DHCP 42022-05-24
CVEList
A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient2021-05-26
OSV
CVE-2021-25217: In ISC DHCP 42021-05-26

📋Vendor Advisories

5
Ubuntu
DHCP vulnerability2021-05-27
Ubuntu
DHCP vulnerability2021-05-27
Red Hat
dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient2021-05-26
Microsoft
A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient2021-05-11
Debian
CVE-2021-25217: isc-dhcp - In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches o...2021