Multiple vulnerabilities in ISC DHCP



Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2022-2928
CVE-2022-2929
CWE-ID CWE-20
CWE-401
Exploitation vector Local network
Public exploit N/A
Vulnerable software
DHCP
Server applications / Other server solutions

Vendor ISC

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU67944

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2928

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error related to the way processing lease queries are processed by the DHCP server. With a DHCP server configured with "allow leasequery;" a remote attacker can send lease queries for the same lease multiple times, leading to the "add_option()" function being repeatedly called. This can cause an option's "refcount" field to overflow and the server to abort.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DHCP: - - 4.4.3

CPE2.3 External links

http://kb.isc.org/docs/cve-2022-2928


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU67943

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2929

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the fqdn_universe_decode() function when processing DHCP packets with DNS labels. A remote attacker can send specially crafted DHCP packets to the affected server, trigger memory leak and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DHCP: - - 4.4.3

CPE2.3 External links

http://kb.isc.org/docs/cve-2022-2929


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###