PT-2024-13937 · Unknown · Simple-Dhcp-Server
Published
2024-04-29
·
Updated
2024-11-20
·
CVE-2023-50432
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
simple-dhcp-server through ec976d2
Description
The issue allows remote attackers to cause a denial of service (daemon crash) by sending a DHCP packet without any option fields, which causes
free packet in dhcp packet.c to dereference a NULL pointer. This can be triggered remotely, but there is no known exploit at this time.Recommendations
For simple-dhcp-server through ec976d2, as a temporary workaround, consider restricting access to the DHCP service until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simple-Dhcp-Server