Vulnerability Description
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isc | Dhcp | >= 1.0.0, < 4.1-esv |
| Debian | Debian Linux | 10.0 |
| Fedoraproject | Fedora | 35 |
Related Weaknesses (CWE)
References
- https://kb.isc.org/docs/cve-2022-2929Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2022/10/msg00015.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202305-22
- https://kb.isc.org/docs/cve-2022-2929Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2022/10/msg00015.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202305-22
FAQ
What is CVE-2022-2929?
CVE-2022-2929 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause ...
How severe is CVE-2022-2929?
CVE-2022-2929 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2929?
Check the references section above for vendor advisories and patch information. Affected products include: Isc Dhcp, Debian Debian Linux, Fedoraproject Fedora.