CVE-2022-2929

Published Oct 7, 2022
Last updated a year ago
CVSS medium 6.5
Overview

Description: In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
Source: security-officer@isc.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM
Weaknesses

nvd@nist.gov: CWE-770
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29B372FC-4ADF-480F-82EA-677BA9CE80F9",
            "versionEndExcluding": "4.1-esv",
            "versionStartIncluding": "1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3828370A-E2C3-40C6-A4D4-A0E4FE932AD0",
            "versionEndIncluding": "4.4.3",
            "versionStartIncluding": "4.2.0"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E01D88D-876D-45FE-B7ED-089DAD801EF6"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BC02748-557A-4131-A372-D99B62B4B93B"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76A11284-3D81-45F0-8055-17282945C14F"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98431CF5-D4C2-4FCF-BA81-0BBB631546D2"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16-p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEA9F857-B59F-4D2D-8F7B-0D1BF08E9712"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
