Search CVE reports
31 – 40 of 56 results
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | — | Fixed | Fixed | Fixed |
| isc-dhcp | — | Not affected | Not affected | Not affected |
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | — | Not affected | Fixed | Fixed |
| isc-dhcp | — | Not affected | Not affected | Not affected |
By sending specific queries to the resolver, an attacker can cause named to crash.
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | — | Fixed | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected |
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | — | Fixed | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected |
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | — | Fixed | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected |
Some fixes available 12 of 21
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
3 affected packages
isc-dhcp, bind9, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| isc-dhcp | Vulnerable | Not affected | Not affected | Not affected |
| bind9 | Fixed | Fixed | Fixed | Fixed |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release |
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported...
1 affected package
isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| isc-dhcp | — | Fixed | Fixed | Fixed |
An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.
2 affected packages
dhcp3, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dhcp3 | — | — | — | — |
| isc-dhcp | — | — | — | — |
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in...
1 affected package
isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| isc-dhcp | — | — | — | Fixed |
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 ->...
1 affected package
isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| isc-dhcp | — | — | — | Fixed |