#VU67944 Input validation error in DHCP


Published: 2022-10-05

Vulnerability identifier: #VU67944

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2928

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
DHCP
Server applications / Other server solutions

Vendor: ISC

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error related to the way processing lease queries are processed by the DHCP server. With a DHCP server configured with "allow leasequery;" a remote attacker can send lease queries for the same lease multiple times, leading to the "add_option()" function being repeatedly called. This can cause an option's "refcount" field to overflow and the server to abort.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

DHCP: 3.0 - 3.0.7, 4.4.0 - 4.4.3 b1, 4.1-esv - 4.1.2-P1, 4.3.0 - 4.3.6-P1, 4.2.0 - 4.2.8 rc2, 4.0 - 4.0.3 rc1, 3.1 - 3.1.3, 2.0

External links
http://kb.isc.org/docs/cve-2022-2928

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Networking OS10
Multiple vulnerabilities in Red Hat OpenShift Container Platform release 4.13
Multiple vulnerabilities in Dell NetWorker vProxy
Multiple vulnerabilities in Multicluster Engine for Kubernetes 2.0
Multiple vulnerabilities in Multicluster Engine for Kubernetes 2.1
Multiple vulnerabilities in Multicluster Engine for Kubernetes 2.2
Red Hat Enterprise Linux 8 update for dhcp
Red Hat Enterprise Linux 9 update for dhcp
Gentoo update for ISC DHCP
Multiple vulnerabilities in Oracle Linux