First published: Fri Oct 07 2022
In ISC DHCP 1.0 through 4.4.3 and ISC DHCP 4.1-ESV-R1 through 4.1-ESV-R16-P1, a system with access to a DHCP server that sends DHCP packets crafted to include FQDN labels longer than 63 bytes could eventually cause the server to run out of memory.
Credit: security-officer@isc.org
Affected Software | Affected Version | How to fix |
---|---|---|
ISC DHCP | >=1.0.0<4.1-esv | |
ISC DHCP | >=4.2.0<=4.4.3 | |
ISC DHCP | =4.1-esv-r1 | |
ISC DHCP | =4.1-esv-r10 | |
ISC DHCP | =4.1-esv-r10_b1 | |
ISC DHCP | =4.1-esv-r10_rc1 | |
ISC DHCP | =4.1-esv-r10b1 | |
ISC DHCP | =4.1-esv-r10rc1 | |
ISC DHCP | =4.1-esv-r11 | |
ISC DHCP | =4.1-esv-r11_b1 | |
ISC DHCP | =4.1-esv-r11_rc1 | |
ISC DHCP | =4.1-esv-r11_rc2 | |
ISC DHCP | =4.1-esv-r11b1 | |
ISC DHCP | =4.1-esv-r11rc1 | |
ISC DHCP | =4.1-esv-r11rc2 | |
ISC DHCP | =4.1-esv-r12 | |
ISC DHCP | =4.1-esv-r12-p1 | |
ISC DHCP | =4.1-esv-r12_b1 | |
ISC DHCP | =4.1-esv-r12_p1 | |
ISC DHCP | =4.1-esv-r12b1 | |
ISC DHCP | =4.1-esv-r13 | |
ISC DHCP | =4.1-esv-r13_b1 | |
ISC DHCP | =4.1-esv-r13b1 | |
ISC DHCP | =4.1-esv-r14 | |
ISC DHCP | =4.1-esv-r14_b1 | |
ISC DHCP | =4.1-esv-r14b1 | |
ISC DHCP | =4.1-esv-r15 | |
ISC DHCP | =4.1-esv-r15-p1 | |
ISC DHCP | =4.1-esv-r15_b1 | |
ISC DHCP | =4.1-esv-r16 | |
ISC DHCP | =4.1-esv-r16-p1 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |

Upgrade to the patched release most closely related to your current version of ISC DHCP: 4.4.3-P1 or 4.1-ESV-R16-P2. These can all be downloaded from https://www.isc.org/downloads.
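
A defensive check for the malformed input described in the summary, as an added example rather than ISC code or part of the original advisory: it walks the options of a captured DHCP message and reports Client FQDN (option 81) labels longer than 63 bytes. The option layout is taken from RFC 4702 rather than from this page, `build_packet` and its inputs are constructed for illustration, and options split across several instances (RFC 3396) are not reassembled.

```python
MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
OPT_FQDN = 81                 # Client FQDN option (RFC 4702, assumption: not named on the page)
FLAG_E = 0x04                 # E bit: name is in DNS wire format rather than ASCII
MAX_LABEL = 63                # label limit quoted in the advisory

def dhcp_options(payload):
    """Yield (code, data) for each option in a DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:            # End option
            return
        if code == 0:              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):  # truncated option header
            return
        length = payload[i + 1]
        yield code, payload[i + 2:i + 2 + length]
        i += 2 + length

def oversized_fqdn_labels(payload):
    """Return the label lengths above 63 found in option 81, in order."""
    bad = []
    for code, data in dhcp_options(payload):
        if code != OPT_FQDN or len(data) < 3:
            continue
        flags, name = data[0], data[3:]      # skip flags, RCODE1, RCODE2
        if flags & FLAG_E:
            i = 0
            while i < len(name) and name[i] != 0:
                n = name[i]
                if n > MAX_LABEL:            # not a valid label length byte
                    bad.append(n)
                    break                    # framing is unreliable past this point
                i += 1 + n
        else:                                # ASCII form: labels separated by dots
            bad += [len(l) for l in name.split(b".") if len(l) > MAX_LABEL]
    return bad

def build_packet(opt81):
    """Constructed sample message: zeroed BOOTP header, option 53, then option 81."""
    return bytes(236) + MAGIC + bytes([53, 1, 1, OPT_FQDN, len(opt81)]) + opt81 + b"\xff"
```

For example, `oversized_fqdn_labels(build_packet(b"\x04\x00\x00\x04host\x07example\x00"))` returns an empty list, while a message whose first label declares 70 bytes returns `[70]`.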
CVE-2022-2929 is a vulnerability in ISC DHCP that could allow an attacker to cause the DHCP server to run out of memory.
ISC DHCP versions 1.0 to 4.4.3 and 4.1-ESV-R1 to 4.1-ESV-R16-P1 are affected by CVE-2022-2929.
CVE-2022-2929 has a severity score of 6.5, which is considered medium.
To fix CVE-2022-2929, it is recommended to update to a patched version of ISC DHCP.
More information about CVE-2022-2929 can be found in the references provided: [reference 1](https://kb.isc.org/docs/cve-2022-2929), [reference 2](https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html), [reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/)