6.5

CVE-2015-8605

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

Data is provided by the National Vulnerability Database (NVD)
IscDhcp Version4.0.0
IscDhcp Version4.0.1
IscDhcp Version4.0.2 Update-
IscDhcp Version4.0.2 Updatep1
IscDhcp Version4.0.3 Update-
IscDhcp Version4.0.3 Updaterc1
IscDhcp Version4.1-esv Update-
IscDhcp Version4.1-esv Updater1
IscDhcp Version4.1-esv Updater10
IscDhcp Version4.1-esv Updater10_b1
IscDhcp Version4.1-esv Updater11_b1
IscDhcp Version4.1-esv Updater11_rc1
IscDhcp Version4.1-esv Updater11_rc2
IscDhcp Version4.1-esv Updater12
IscDhcp Version4.1-esv Updater12_b1
IscDhcp Version4.1-esv Updater2
IscDhcp Version4.1-esv Updater3
IscDhcp Version4.1-esv Updater3_b1
IscDhcp Version4.1-esv Updater4
IscDhcp Version4.1-esv Updater5
IscDhcp Version4.1-esv Updater5_b1
IscDhcp Version4.1-esv Updater5_rc1
IscDhcp Version4.1-esv Updater5_rc2
IscDhcp Version4.1-esv Updater6
IscDhcp Version4.1-esv Updater7
IscDhcp Version4.1-esv Updater8
IscDhcp Version4.1-esv Updater8_b1
IscDhcp Version4.1-esv Updater8_rc1
IscDhcp Version4.1-esv Updater9
IscDhcp Version4.1-esv Updater9_b1
IscDhcp Version4.1-esv Updater9_rc1
IscDhcp Version4.1.0 Update-
IscDhcp Version4.1.1 Update-
IscDhcp Version4.1.1 Updatep1
IscDhcp Version4.1.2 Update-
IscDhcp Version4.1.2 Updateb1
IscDhcp Version4.1.2 Updatep1
IscDhcp Version4.1.2 Updaterc1
IscDhcp Version4.2.0 Update-
IscDhcp Version4.2.0 Updatep1
IscDhcp Version4.2.0 Updatep2
IscDhcp Version4.2.1 Update-
IscDhcp Version4.2.1 Updateb1
IscDhcp Version4.2.1 Updatep1
IscDhcp Version4.2.1 Updaterc1
IscDhcp Version4.2.2 Update-
IscDhcp Version4.2.2 Updateb1
IscDhcp Version4.2.2 Updaterc1
IscDhcp Version4.2.3 Update-
IscDhcp Version4.2.3 Updatep1
IscDhcp Version4.2.3 Updatep2
IscDhcp Version4.2.4 Update-
IscDhcp Version4.2.4 Updateb1
IscDhcp Version4.2.4 Updatep1
IscDhcp Version4.2.4 Updatep2
IscDhcp Version4.2.4 Updaterc1
IscDhcp Version4.2.4 Updaterc2
IscDhcp Version4.2.5 Update-
IscDhcp Version4.2.5 Updateb1
IscDhcp Version4.2.5 Updatep1
IscDhcp Version4.2.5 Updaterc1
IscDhcp Version4.2.6 Update-
IscDhcp Version4.2.6 Updateb1
IscDhcp Version4.2.6 Updaterc1
IscDhcp Version4.2.7
IscDhcp Version4.2.7 Updateb1
IscDhcp Version4.2.7 Updaterc1
IscDhcp Version4.2.8
IscDhcp Version4.2.8 Updateb1
IscDhcp Version4.2.8 Updaterc1
IscDhcp Version4.2.8 Updaterc2
IscDhcp Version4.3.0
IscDhcp Version4.3.0 Updatea1
IscDhcp Version4.3.0 Updateb1
IscDhcp Version4.3.0 Updaterc1
IscDhcp Version4.3.1
IscDhcp Version4.3.1 Updateb1
IscDhcp Version4.3.1 Updaterc1
IscDhcp Version4.3.2
IscDhcp Version4.3.2 Updateb1
IscDhcp Version4.3.2 Updaterc1
IscDhcp Version4.3.2 Updaterc2
IscDhcp Version4.3.3
IscDhcp Version4.3.3 Updateb1
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 49.97% 0.978
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5.7 5.5 6.9
AV:A/AC:M/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/80703
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034657
Third Party Advisory
VDB Entry