{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-2929","assignerOrgId":"404fd4d2-a609-4245-b543-2c944a302a22","assignerShortName":"isc","dateUpdated":"2024-09-16T18:28:37.665Z","dateReserved":"2022-08-22T00:00:00.000Z","datePublished":"2022-10-07T04:45:12.836Z"},"containers":{"cna":{"title":"DHCP memory leak","datePublic":"2022-10-05T00:00:00.000Z","providerMetadata":{"orgId":"404fd4d2-a609-4245-b543-2c944a302a22","shortName":"isc","dateUpdated":"2023-05-03T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory."}],"affected":[{"vendor":"ISC","product":"ISC DHCP","versions":[{"version":"1.0 through versions before 4.1-ESV-R16-P2","status":"affected"},{"version":"4.2 through versions before 4.4.3.-P1","status":"affected"}]}],"references":[{"url":"https://kb.isc.org/docs/cve-2022-2929"},{"name":"[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"},{"name":"FEDORA-2022-f5a45757df","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"},{"name":"FEDORA-2022-9ca9a94e28","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"},{"name":"FEDORA-2022-c4f274a54f","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"},{"name":"GLSA-202305-22","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202305-22"}],"credits":[{"lang":"en","value":"ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. Affects In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1"}]}],"source":{"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","value":"As exploiting this vulnerability requires an attacker to send packets for an extended period of time, restarting servers periodically could be a viable workaround."}],"exploits":[{"lang":"en","value":"We are not aware of any active exploits."}],"solutions":[{"lang":"en","value":"Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads.  4.4.3-P1 4.1-ESV-R16-P2"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T00:52:59.819Z"},"title":"CVE Program Container","references":[{"url":"https://kb.isc.org/docs/cve-2022-2929","tags":["x_transferred"]},{"name":"[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"},{"name":"FEDORA-2022-f5a45757df","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"},{"name":"FEDORA-2022-9ca9a94e28","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"},{"name":"FEDORA-2022-c4f274a54f","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"},{"name":"GLSA-202305-22","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202305-22"}]}]}}