mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 02:45:46 +02:00
marc
1.4 KiB
1.4 KiB
CVE-2022-2929
%20allocates%20buffer%20space%20for%20the%20contents%20of%20option%2081%20(fqdn)%20data%20received%20in%20a%20DHCP%20packet.%20The%20maximum%20length%20of%20a%20DNS%20label%20is%2063%20bytes.%20The%20function%20tests%20the%20length%20byte%20of%20each%20label%20contained%20in%20the%20fqdn%3B%20if%20it%20finds%20a%20label%20whose%20length%20byte%20value%20is%20larger%20than%2063%2C%20it%20returns%20without%20dereferencing%20the%20buffer%20space.%20This%20will%20cause%20a%20memory%20leak.%20Affects%20In%20ISC%20DHCP%201.0%20-%3E%204.4.3%2C%20ISC%20DHCP%204.1-ESV-R1%20-%3E%204.1-ESV-R16-P1&color=brighgreen)
Description
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
POC
Reference
No PoCs from references.