PT-2021-3602 · ISC · ISC DHCP

Jon Franklin · Published 2021-05-26 · Updated 2024-06-15

CVE-2021-25217

CVSS v3.1: 7.4 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

ISC DHCP versions 4.1-ESV-R1 through 4.1-ESV-R16
ISC DHCP versions 4.4.0 through 4.4.2

Description

The issue is a buffer overflow triggered when reading a lease, which can cause a denial of service. The outcome of encountering the defect varies according to the component affected, whether the package was built as a 32-bit or 64-bit binary, and whether the compiler flag -fstack-protector-strong was used when compiling. In dhclient, an improper lease can cause a crash on a 32-bit system, leading to network connectivity problems. In dhcpd, when run in DHCPv4 or DHCPv6 mode, the server may exit or improperly delete leases.

Recommendations

For ISC DHCP versions 4.1-ESV-R1 through 4.1-ESV-R16 and for versions 4.4.0 through 4.4.2, update to a newer version to mitigate the risk. As a temporary workaround, restrict access to the lease database to minimize the risk of exploitation. Avoid using a dhcpd server binary built for a 32-bit architecture with the -fstack-protector-strong compiler flag until a patch is available.
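A version check a defender can run against the affected ranges stated above; this is an added example, not code from the advisory or from ISC. It assumes the `isc-dhcpd-<version>` / `isc-dhclient-<version>` banner that `dhcpd --version` and `dhclient --version` print, and that a `-P<n>` patch release sorts after its base release. Distribution packages listed under Related Identifiers backport the fix while keeping the upstream version string, so the check is meaningful for upstream builds only.

```python
"""Classify an ISC DHCP version string against the affected ranges in this advisory."""
import re
import sys

# Affected ranges exactly as stated in the advisory (upstream version strings).
AFFECTED_41_ESV_R = (1, 16)               # 4.1-ESV-R1 through 4.1-ESV-R16
AFFECTED_44 = ((4, 4, 0), (4, 4, 2))      # 4.4.0 through 4.4.2

# ISC's two version shapes: "4.1-ESV-R16[-P1]" and "4.4.2[-P1]".
_ESV_RE = re.compile(r"^4\.1-ESV-R(\d+)(?:-P(\d+))?$")
_PLAIN_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$")
# Banner line printed by `dhcpd --version` / `dhclient --version` (assumed format).
_BANNER_RE = re.compile(r"isc-dhc(?:pd|lient)-(\S+)")


def is_affected(version: str) -> bool:
    """True if an upstream version lies inside one of the advisory's ranges.

    A -P<n> patch release is treated as newer than its base release, so a
    patch of the range's last release (e.g. 4.4.2-P1) is outside the range.
    False only means 'not in this advisory's ranges', nothing more.
    """
    v = version.strip()
    m = _ESV_RE.match(v)
    if m:
        release, patch = int(m.group(1)), int(m.group(2) or 0)
        lo, hi = AFFECTED_41_ESV_R
        return lo <= release <= hi and not (release == hi and patch > 0)
    m = _PLAIN_RE.match(v)
    if m:
        base = tuple(int(x) for x in m.groups()[:3])
        patch = int(m.group(4) or 0)
        lo, hi = AFFECTED_44
        return lo <= base <= hi and not (base == hi and patch > 0)
    raise ValueError(f"unrecognised ISC DHCP version string: {version!r}")


def version_from_banner(banner: str) -> str:
    """Pull the version out of a `--version` banner such as 'isc-dhcpd-4.4.2-P1'."""
    m = _BANNER_RE.search(banner)
    if not m:
        raise ValueError("no isc-dhcpd/isc-dhclient banner found")
    return m.group(1)


if __name__ == "__main__":
    # Usage: dhcpd --version 2>&1 | python3 check_isc_dhcp.py
    ver = version_from_banner(sys.stdin.read())
    print(f"{ver}: {'AFFECTED' if is_affected(ver) else 'not in affected ranges'}")
```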

Weakness Enumeration

Buffer Overflow

Related Identifiers

ALT-PU-2021-1900
ALT-PU-2021-2868
ALT-PU-2021-3334
AZL-6372
BDU:2021-03707
CESA-2021_2357
CESA-2021_2359
CVE-2021-25217
DLA-2674-1
ELSA-2021-2357
ELSA-2021-2359
ELSA-2021-9314
MGASA-2021-0307
OESA-2021-1226
OPENSUSE-SU-2021:0834-1
OPENSUSE-SU-2021:1841-1
OPENSUSE-SU-2024:10715-1
RHSA-2021:2357
RHSA-2021:2359
RHSA-2021:2405
RHSA-2021:2414
RHSA-2021:2415
RHSA-2021:2416
RHSA-2021:2418
RHSA-2021:2419
RHSA-2021:2420
RHSA-2021:2469
RHSA-2021:2519
RHSA-2021:2555
RLSA-2021:2359
SUSE-SU-2021:14740-1
SUSE-SU-2021:1822-1
SUSE-SU-2021:1841-1
USN-4969-1
USN-4969-2

Affected Products

ALT Linux
Astra Linux
CentOS
ISC DHCP
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu