RSS   Vulnerabilities for 'Dhcpcd'   RSS

2019-05-05
 
CVE-2019-11766

CWE-125
 

 
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.

 
2019-04-28
 
CVE-2019-11579

CWE-119
 

 
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.

 
 
CVE-2019-11578

CWE-310
 

 
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.

 
 
CVE-2019-11577

CWE-119
 

 
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.

 
2017-02-07
 
CVE-2016-1504

 

 
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.

 
2016-04-17
 
CVE-2016-1503

 

 
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.

 
2016-04-11
 
CVE-2012-6700

 

 
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.

 
 
CVE-2012-6699

 

 
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.

 
 
CVE-2012-6698

 

 
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.

 
2015-07-29
 
CVE-2014-7913

 

 
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.

 


Copyright 2019, cxsecurity.com

 

Back to Top