Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-2928

Опубликовано: 07 окт. 2022
Источник: debian

Описание

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
isc-dhcpfixed4.4.3-2.1package

Примечания

  • https://www.openwall.com/lists/oss-security/2022/10/05/1

  • https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/

  • https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/

  • https://kb.isc.org/docs/cve-2022-2928

Связанные уязвимости

ubuntu логотип

CVE-2022-2928

CVSS3: 6.5
ubuntu
больше 3 лет назад

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

redhat логотип

CVE-2022-2928

CVSS3: 6.5
redhat
больше 3 лет назад

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

nvd логотип

CVE-2022-2928

CVSS3: 6.5
nvd
больше 3 лет назад

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

msrc логотип

CVE-2022-2928

CVSS3: 6.5
msrc
больше 1 года назад

Описание отсутствует

github логотип

GHSA-5fp7-mmwq-gvmw

CVSS3: 7.5
github
больше 3 лет назад

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.