Vulnerabilities > ISC > Dhcp > 4.0.2

DATE CVE VULNERABILITY TITLE RISK
2022-10-07 CVE-2022-2929 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
low complexity
isc debian fedoraproject CWE-770
6.5
6.5
2016-01-14 CVE-2015-8605 Improper Input Validation vulnerability in multiple products
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. 		5.7
5.7
2012-01-15 CVE-2011-4868 Resource Management Errors vulnerability in ISC Dhcp
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
low complexity
isc CWE-399
6.1
6.1
2011-12-08 CVE-2011-4539 Improper Input Validation vulnerability in multiple products
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
network
low complexity
isc canonical debian CWE-20
5.0
5.0
2011-08-15 CVE-2011-2749 Improper Input Validation vulnerability in multiple products
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
network
low complexity
isc debian canonical CWE-20
7.8
7.8
2011-08-15 CVE-2011-2748 Improper Input Validation vulnerability in multiple products
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
network
low complexity
isc canonical debian CWE-20
7.8
7.8
2011-01-31 CVE-2011-0413 Improper Input Validation vulnerability in ISC Dhcp
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
network
low complexity
isc CWE-20
7.8
7.8
2010-06-07 CVE-2010-2156 Numeric Errors vulnerability in ISC Dhcp
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
network
low complexity
isc CWE-189
5.0
5.0