Vulnerabilities > Dhcpcd Project

DATE CVE VULNERABILITY TITLE RISK
2019-05-05 CVE-2019-11766 Out-of-bounds Read vulnerability in multiple products
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
network
low complexity
dhcpcd-project debian CWE-125
critical
9.8
2019-04-28 CVE-2019-11579 Out-of-bounds Read vulnerability in multiple products
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.
network
low complexity
dhcpcd-project debian CWE-125
5.0
2019-04-28 CVE-2019-11578 Cryptographic Issues vulnerability in Dhcpcd Project Dhcpcd
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
4.3
2019-04-28 CVE-2019-11577 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dhcpcd Project Dhcpcd
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.
network
low complexity
dhcpcd-project CWE-119
7.5
2017-02-07 CVE-2016-1504 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dhcpcd Project Dhcpcd
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.
network
low complexity
dhcpcd-project CWE-119
5.0
2016-04-18 CVE-2016-1503 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.
network
low complexity
dhcpcd-project google CWE-119
critical
10.0
2016-04-11 CVE-2012-6700 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
network
low complexity
debian dhcpcd-project CWE-119
5.0
2016-04-11 CVE-2012-6699 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
network
low complexity
debian dhcpcd-project CWE-119
5.0
2016-04-11 CVE-2012-6698 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.
network
low complexity
debian dhcpcd-project CWE-119
5.0
2014-09-04 CVE-2014-6060 Resource Management Errors vulnerability in multiple products
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
low complexity
dhcpcd-project google CWE-399
3.3