CVE-2013-2494

libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
iscdhcp
4.2.0
iscdhcp
4.2.0:a1
iscdhcp
4.2.0:a2
iscdhcp
4.2.0:b1
iscdhcp
4.2.0:b2
iscdhcp
4.2.0:p1
iscdhcp
4.2.0:rc1
iscdhcp
4.2.1
iscdhcp
4.2.1:b1
iscdhcp
4.2.1:rc1
iscdhcp
4.2.2
iscdhcp
4.2.2:b1
iscdhcp
4.2.2:rc1
iscdhcp
4.2.3
iscdhcp
4.2.3:p1
iscdhcp
4.2.3:p2
iscdhcp
4.2.4
iscdhcp
4.2.4:p1
iscdhcp
4.2.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
isc-dhcp
bullseye
4.4.1-2.3+deb11u2
fixed
squeeze
not-affected
bullseye (security)
4.4.1-2.3+deb11u1
fixed
bookworm
4.4.3-P1-2
fixed
sid
4.4.3-P1-5
fixed
trixie
4.4.3-P1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dhcp3
wily
dne
vivid
dne
utopic
dne
trusty
dne
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
lucid
not-affected
hardy
not-affected
isc-dhcp
wily
not-affected
vivid
not-affected
utopic
ignored
trusty
not-affected
saucy
ignored
raring
ignored
quantal
ignored
precise
not-affected
oneiric
not-affected
lucid
dne
hardy
dne
Common Weakness Enumeration
References
https://kb.isc.org/article/AA-00880/
https://kb.isc.org/article/AA-00880/