CVE-2022-2929

Name
CVE-2022-2929
Description
In ISC DHCP 1.0 -> 4.4.3 and ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, a system with access to a DHCP server that sends DHCP packets crafted to include FQDN labels longer than 63 bytes could eventually cause the server to run out of memory.
NVD Severity
medium

References

Type URI
CONFIRM https://kb.isc.org/docs/cve-2022-2929
MISC https://www.cve.org/CVERecord?id=CVE-2022-2929
MLIST https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/
GENTOO https://security.gentoo.org/glsa/202305-22

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:* | dhcp | == None | == 4.1-esv |
| cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:* | dhcp | >= 4.2.0 | <= 4.4.3 |
| cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:* | dhcp | >= 1.0.0 | < 4.1-esv |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| dhcp | 3.16-main | 4.4.3_p1-r0 | Jakub Jirutka <jakub@jirutka.cz> | fixed |