CVE-2012-3571 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 UNKNOWN	ADJACENT_NETWORK	LOW		AV:A/AC:L/Au:N/C:N/I:N/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
isc	dhcp	4.1.2
isc	dhcp	4.2.0
isc	dhcp	4.2.0:a1
isc	dhcp	4.2.0:a2
isc	dhcp	4.2.0:b1
isc	dhcp	4.2.0:b2
isc	dhcp	4.2.0:p1
isc	dhcp	4.2.0:rc1
isc	dhcp	4.2.1
isc	dhcp	4.2.1:b1
isc	dhcp	4.2.1:rc1
isc	dhcp	4.2.2
isc	dhcp	4.2.2:b1
isc	dhcp	4.2.2:rc1
isc	dhcp	4.2.3
isc	dhcp	4.2.3:p1
isc	dhcp	4.2.3:p2
isc	dhcp	4.2.4
isc	dhcp	4.1-esv
isc	dhcp	4.1-esv:r1
isc	dhcp	4.1-esv:r2
isc	dhcp	4.1-esv:r3
isc	dhcp	4.1-esv:r3_b1
isc	dhcp	4.1-esv:r4
isc	dhcp	4.1-esv:r5
isc	dhcp	4.1-esv:r5_b1
isc	dhcp	4.1-esv:r5_rc1
isc	dhcp	4.1-esv:r5_rc2
canonical	ubuntu_linux	11.04
canonical	ubuntu_linux	11.10
canonical	ubuntu_linux	12.04
debian	debian_linux	6.0
debian	debian_linux	7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

isc-dhcp

bullseye	4.4.1-2.3+deb11u2 fixed
bullseye (security)	4.4.1-2.3+deb11u1 fixed
bookworm	4.4.3-P1-2 fixed
sid	4.4.3-P1-5 fixed
trixie	4.4.3-P1-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

dhcp3

precise	dne
oneiric	dne
natty	dne
lucid	not-affected
hardy	not-affected

isc-dhcp

precise	Fixed 4.1.ESV-R4-0ubuntu5.2 released
oneiric	Fixed 4.1.1-P1-17ubuntu10.3 released
natty	Fixed 4.1.1-P1-15ubuntu9.4 released
lucid	dne
hardy	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html

http://rhn.redhat.com/errata/RHSA-2012-1140.html

http://rhn.redhat.com/errata/RHSA-2012-1141.html

http://security.gentoo.org/glsa/glsa-201301-06.xml

http://www.debian.org/security/2012/dsa-2516

http://www.debian.org/security/2012/dsa-2519

http://www.mandriva.com/security/advisories?name=MDVSA-2012:115

http://www.mandriva.com/security/advisories?name=MDVSA-2012:116

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/54665

http://www.ubuntu.com/usn/USN-1519-1

https://kb.isc.org/article/AA-00712

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html

http://rhn.redhat.com/errata/RHSA-2012-1140.html

http://rhn.redhat.com/errata/RHSA-2012-1141.html

http://security.gentoo.org/glsa/glsa-201301-06.xml

http://www.debian.org/security/2012/dsa-2516

http://www.debian.org/security/2012/dsa-2519

http://www.mandriva.com/security/advisories?name=MDVSA-2012:115

http://www.mandriva.com/security/advisories?name=MDVSA-2012:116

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/54665

http://www.ubuntu.com/usn/USN-1519-1

https://kb.isc.org/article/AA-00712