PT-2022-7560 · ISC · ISC DHCP

Victorv · Published 2022-09-28 · Updated 2024-06-15 · CVE-2022-2928

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ISC DHCP versions 4.1-ESV-R1 through 4.1-ESV-R16-P1
ISC DHCP versions 4.4.0 through 4.4.3

Description

The issue is in the function add_option() in ISC DHCP, which is used in server responses to lease query packets. When option_code_hash_lookup() is called from add_option(), it increases the option's refcount field, but there is no corresponding call to option_dereference() to decrement the refcount field. This can cause the reference counter to overflow, leading to a server abort. A remote attacker can exploit the vulnerability to cause a denial of service.
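
The refcount imbalance described above, modelled as an added example (not ISC DHCP source and not part of the original advisory). The struct, `lookup`, `deref` and both `add_option_*` functions are hypothetical stand-ins, and the saturation check in `lookup` marks the state in which the real server aborts.

```c
#include <limits.h>
#include <stdio.h>

/* Toy model (assumption): one refcounted option definition, not ISC's struct. */
struct option { int refcnt; };

/* Hands out a counted reference; returns 0 where the counter would overflow. */
static int lookup(struct option *entry, struct option **out) {
    if (entry->refcnt == INT_MAX) return 0;
    entry->refcnt++;
    *out = entry;
    return 1;
}

/* Releases a reference obtained from lookup(). */
static void deref(struct option **ref) {
    (*ref)->refcnt--;
    *ref = NULL;
}

/* Flawed pattern: the reference is taken and never released. */
static int add_option_leaky(struct option *entry) {
    struct option *opt = NULL;
    if (!lookup(entry, &opt)) return 0;
    (void)opt;               /* option would be added to the reply here */
    return 1;
}

/* Balanced pattern: every lookup is paired with a dereference. */
static int add_option_balanced(struct option *entry) {
    struct option *opt = NULL;
    if (!lookup(entry, &opt)) return 0;
    deref(&opt);
    return 1;
}

/* Final refcount after n responses built with fn, starting from 1. */
static int refcnt_after(int (*fn)(struct option *), int n) {
    struct option entry = { 1 };
    for (int i = 0; i < n && fn(&entry); i++) { }
    return entry.refcnt;
}

int main(void) {
    printf("leaky: %d, balanced: %d\n",
           refcnt_after(add_option_leaky, 1000),
           refcnt_after(add_option_balanced, 1000));
    return 0;
}
```

In the leaky path the counter grows by one per response and never comes back down, so only a restart resets it; in the balanced path it stays at its starting value.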

Recommendations

For ISC DHCP versions 4.1-ESV-R1 through 4.1-ESV-R16-P1, update to a version that includes a fix for the issue. For ISC DHCP versions 4.4.0 through 4.4.3, update to a version that includes a fix for the issue. As a temporary workaround, consider restricting access to the add_option() function to minimize the risk of exploitation.

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALSA-2023:2502
ALSA-2023:3000
ALT-PU-2022-2744
ALT-PU-2022-2839
ALT-PU-2023-1273
ALT-PU-2023-6824
BDU:2024-07316
CESA-2023_3000
CVE-2022-2928
DLA-3146-1
DSA-5251-1
MGASA-2022-0374
OESA-2022-2009
OPENSUSE-SU-2022_3991-1
OPENSUSE-SU-2024:12390-1
RHSA-2023:2502
RHSA-2023:3000
RHSA-2023_2502
RHSA-2023_3000
SUSE-SU-2022:3991-1
SUSE-SU-2022:3992-1
SUSE-SU-2022_3991-1
SUSE-SU-2022_3992-1
USN-5658-1
USN-5658-2
USN-5658-3

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
ISC DHCP
Linux Mint
Red Hat
SUSE
Ubuntu