CVE-2014-7912: Buffer Overflow
First published: Thu Jul 30 2015(Updated: )
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| dhcpcd | <=6.1.0 | |
| Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-7912?
CVE-2014-7912 is considered a critical vulnerability due to its potential to allow remote arbitrary code execution and denial of service.
How do I fix CVE-2014-7912?
To fix CVE-2014-7912, upgrade to dhcpcd version 6.2.0 or later, which includes necessary validation improvements.
What software is affected by CVE-2014-7912?
CVE-2014-7912 affects dhcpcd versions prior to 6.2.0, particularly dhcpcd 5.x used in certain Android versions before 5.1.
Can CVE-2014-7912 lead to data breaches?
Yes, CVE-2014-7912 can potentially lead to data breaches as it allows execution of arbitrary code by remote DHCP servers.
Is there a workaround for CVE-2014-7912?
Currently, there are no known effective workarounds for CVE-2014-7912 aside from upgrading dhcpcd to the latest version.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dhcpcd project
- canonical/dhcpcd
- version/dhcpcd/6.1.0
- vendor/google
- canonical/android