Andrew Steets

**Name of the Vulnerable Software and Affected Versions** ISC DHCP (dhcpd) server version 2.0pl5 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by sending a DHCPDISCOVER packet with a 32 byte client-identifier, which is interpreted as a corrupt uid, causing the server to exit with a "corrupt lease uid" error. **Recommendations** For ISC DHCP (dhcpd) server version 2.0pl5, consider restricting access to the `supersede lease` function in memory.c until a patch is available. As a temporary workaround, avoid using client-identifiers of 32 bytes in DHCPDISCOVER packets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.