ISC DHCP <4.4.3 / 4.1-ESV-R16-P1 Mem Exhaustion via Long FQDN Labels
CVE-2022-2929 Published on October 7, 2022

DHCP memory leak
In ISC DHCP 1.0 through 4.4.3 and ISC DHCP 4.1-ESV-R1 through 4.1-ESV-R16-P1, a system with access to a DHCP server that sends DHCP packets crafted to include FQDN labels longer than 63 bytes could eventually cause the server to run out of memory.

Vulnerability Analysis

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Affected Versions

ISC DHCP:

Exploit Probability

EPSS: 0.05%
Percentile: 16.62%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.