CVE-2011-4868
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
15/01/2012
Last modified:
11/04/2025
Description
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
Impact
Base Score 2.0
6.10
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:isc:dhcp:*:p1:*:*:*:*:*:* | 4.2.3 (including) | |
| cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel1:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel10:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel11:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel12:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel13:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel14:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel15:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel16:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel18:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel19:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel2:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel20:*:*:*:*:* | ||
| cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel21:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://security.gentoo.org/glsa/glsa-201301-06.xml
- https://deepthought.isc.org/article/AA-00595
- https://kb.isc.org/article/AA-00705
- https://www.isc.org/software/dhcp/advisories/cve-2011-4868
- http://security.gentoo.org/glsa/glsa-201301-06.xml
- https://deepthought.isc.org/article/AA-00595
- https://kb.isc.org/article/AA-00705
- https://www.isc.org/software/dhcp/advisories/cve-2011-4868