Vulnerability Description
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 7.0 |
| Dhcpcd Project | Dhcpcd | 3.1.9 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2016/dsa-3534
- http://www.openwall.com/lists/oss-security/2015/12/02/1
- http://www.openwall.com/lists/oss-security/2015/12/03/1
- https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
- https://launchpadlibrarian.net/228152582/dhcp.c.patch
- http://www.debian.org/security/2016/dsa-3534
- http://www.openwall.com/lists/oss-security/2015/12/02/1
- http://www.openwall.com/lists/oss-security/2015/12/03/1
- https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
- https://launchpadlibrarian.net/228152582/dhcp.c.patch
FAQ
What is CVE-2012-6700?
CVE-2012-6700 is a vulnerability with a CVSS score of 7.5 (HIGH). The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
How severe is CVE-2012-6700?
CVE-2012-6700 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6700?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Dhcpcd Project Dhcpcd.