CVE-2012-3570

EPSS 4.05%
Veröffentlicht 25.07.2012 10:42:35
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Isc ≫ Dhcp Version4.2.0

Isc ≫ Dhcp Version4.2.0 Updatea1

Isc ≫ Dhcp Version4.2.0 Updatea2

Isc ≫ Dhcp Version4.2.0 Updateb1

Isc ≫ Dhcp Version4.2.0 Updateb2

Isc ≫ Dhcp Version4.2.0 Updatep1

Isc ≫ Dhcp Version4.2.0 Updaterc1

Isc ≫ Dhcp Version4.2.1

Isc ≫ Dhcp Version4.2.1 Updateb1

Isc ≫ Dhcp Version4.2.1 Updaterc1

Isc ≫ Dhcp Version4.2.2

Isc ≫ Dhcp Version4.2.2 Updateb1

Isc ≫ Dhcp Version4.2.2 Updaterc1

Isc ≫ Dhcp Version4.2.3

Isc ≫ Dhcp Version4.2.3 Updatep1

Isc ≫ Dhcp Version4.2.3 Updatep2

Isc ≫ Dhcp Version4.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.05%	0.874

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.7	5.5	6.9	AV:A/AC:M/Au:N/C:N/I:N/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://security.gentoo.org/glsa/glsa-201301-06.xml

http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:115

http://www.securityfocus.com/bid/54665

https://kb.isc.org/article/AA-00714

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-3570

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-3570

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-3570

EUVD