Vulnerability Description
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dhcpcd Project | Dhcpcd | <= 6.1.0 |
| Android | All versions |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1033124
- http://www.zerodayinitiative.com/advisories/ZDI-15-093/
- https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511
- http://www.securitytracker.com/id/1033124
- http://www.zerodayinitiative.com/advisories/ZDI-15-093/
- https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511
FAQ
What is CVE-2014-7912?
CVE-2014-7912 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of dat...
How severe is CVE-2014-7912?
CVE-2014-7912 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7912?
Check the references section above for vendor advisories and patch information. Affected products include: Dhcpcd Project Dhcpcd, Google Android.