CVE-2022-2928

CWE-476NULL Pointer DereferenceCWE-190Integer Overflow13 documents8 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 85.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
ISC DhcpISC ISC DhcpDebian Debian Linux+1 more
Timeline
PublishedOct 7
Latest updateNov 21

Description

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the s

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

Debianisc-dhcp< 4.4.1-2.3+deb11u1+2
Ubuntuisc-dhcp< 4.3.5-3ubuntu7.4+4
NVDisc/dhcp4.4.04.4.3+1
CVEListV5isc/isc_dhcp4.1 ESV 4.1-ESV-R1 through versions before 4.1-ESV-R16-P1, 4.4.0 through versions before 4.4.3-P1+1

Also affects: Debian Linux 10.0, Fedora 35, 36, 37

🔴Vulnerability Details

6
OSV
isc-dhcp vulnerabilities2022-11-21
OSV
isc-dhcp vulnerabilities2022-11-07
CVEList
An option refcount overflow exists in dhcpd2022-10-07
OSV
CVE-2022-2928: In ISC DHCP 42022-10-07
GHSA
GHSA-5fp7-mmwq-gvmw: In ISC DHCP 42022-10-07

📋Vendor Advisories

6
Ubuntu
DHCP vulnerabilities2022-11-21
Ubuntu
DHCP vulnerabilities2022-11-07
Microsoft
An option refcount overflow exists in dhcpd2022-10-11
Red Hat
dhcp: option refcount overflow when leasequery is enabled leading to dhcpd abort2022-10-05
Ubuntu
DHCP vulnerabilities2022-10-05