CVE-2012-3954

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
ADJACENT_NETWORK
LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
iscdhcp
4.1.0
iscdhcp
4.1.0:a1
iscdhcp
4.1.0:a2
iscdhcp
4.1.0:b1
iscdhcp
4.1.1
iscdhcp
4.1.1:b1
iscdhcp
4.1.1:b2
iscdhcp
4.1.1:b3
iscdhcp
4.1.1:rc1
iscdhcp
4.1.2
iscdhcp
4.1.2:b1
iscdhcp
4.1.2:p1
iscdhcp
4.1.2:rc1
iscdhcp
4.2.0
iscdhcp
4.2.0:a1
iscdhcp
4.2.0:a2
iscdhcp
4.2.0:b1
iscdhcp
4.2.0:b2
iscdhcp
4.2.0:p1
iscdhcp
4.2.0:rc1
iscdhcp
4.2.1
iscdhcp
4.2.1:b1
iscdhcp
4.2.1:rc1
iscdhcp
4.2.2
iscdhcp
4.2.2:b1
iscdhcp
4.2.2:rc1
iscdhcp
4.2.3
iscdhcp
4.2.3:p1
iscdhcp
4.2.3:p2
iscdhcp
4.2.4
iscdhcp
4.1-esv
iscdhcp
4.1-esv:r1
iscdhcp
4.1-esv:r2
iscdhcp
4.1-esv:r3
iscdhcp
4.1-esv:r3_b1
iscdhcp
4.1-esv:r4
iscdhcp
4.1-esv:r5
iscdhcp
4.1-esv:r5_b1
iscdhcp
4.1-esv:r5_rc1
iscdhcp
4.1-esv:r5_rc2
iscdhcp
4.1-esv:rc1
debiandebian_linux
6.0
debiandebian_linux
7.0
canonicalubuntu_linux
11.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
isc-dhcp
bullseye
4.4.1-2.3+deb11u2
fixed
bullseye (security)
4.4.1-2.3+deb11u1
fixed
bookworm
4.4.3-P1-2
fixed
sid
4.4.3-P1-5
fixed
trixie
4.4.3-P1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dhcp3
precise
dne
oneiric
dne
natty
dne
lucid
not-affected
hardy
not-affected
isc-dhcp
precise
Fixed 4.1.ESV-R4-0ubuntu5.2
released
oneiric
Fixed 4.1.1-P1-17ubuntu10.3
released
natty
Fixed 4.1.1-P1-15ubuntu9.4
released
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html
http://rhn.redhat.com/errata/RHSA-2012-1141.html
http://security.gentoo.org/glsa/glsa-201301-06.xml
http://www.debian.org/security/2012/dsa-2516
http://www.debian.org/security/2012/dsa-2519
http://www.mandriva.com/security/advisories?name=MDVSA-2012:115
http://www.mandriva.com/security/advisories?name=MDVSA-2012:116
http://www.securityfocus.com/bid/54665
http://www.securitytracker.com/id?1027300
http://www.ubuntu.com/usn/USN-1519-1
https://kb.isc.org/article/AA-00737
http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html
http://rhn.redhat.com/errata/RHSA-2012-1141.html
http://security.gentoo.org/glsa/glsa-201301-06.xml
http://www.debian.org/security/2012/dsa-2516
http://www.debian.org/security/2012/dsa-2519
http://www.mandriva.com/security/advisories?name=MDVSA-2012:115
http://www.mandriva.com/security/advisories?name=MDVSA-2012:116
http://www.securityfocus.com/bid/54665
http://www.securitytracker.com/id?1027300
http://www.ubuntu.com/usn/USN-1519-1
https://kb.isc.org/article/AA-00737