CVE-2014-6060

The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
ADJACENT_NETWORK
LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
dhcpcd_projectdhcpcd
4.0.0
dhcpcd_projectdhcpcd
4.0.0:alpha1
dhcpcd_projectdhcpcd
4.0.0:alpha2
dhcpcd_projectdhcpcd
4.0.0:alpha3
dhcpcd_projectdhcpcd
4.0.0:beta1
dhcpcd_projectdhcpcd
4.0.0:beta2
dhcpcd_projectdhcpcd
4.0.0:beta3
dhcpcd_projectdhcpcd
4.0.0:beta4
dhcpcd_projectdhcpcd
4.0.0:beta5
dhcpcd_projectdhcpcd
4.0.0:beta6
dhcpcd_projectdhcpcd
4.0.0:beta7
dhcpcd_projectdhcpcd
4.0.0:beta8
dhcpcd_projectdhcpcd
4.0.0:beta9
dhcpcd_projectdhcpcd
4.0.0:rc1
dhcpcd_projectdhcpcd
4.0.0:rc2
dhcpcd_projectdhcpcd
4.0.0:rc3
dhcpcd_projectdhcpcd
4.0.0:rc4
dhcpcd_projectdhcpcd
4.0.0:rc5
dhcpcd_projectdhcpcd
4.0.1
dhcpcd_projectdhcpcd
4.0.2
dhcpcd_projectdhcpcd
4.0.3
dhcpcd_projectdhcpcd
4.0.4
dhcpcd_projectdhcpcd
4.0.5
dhcpcd_projectdhcpcd
4.0.6
dhcpcd_projectdhcpcd
4.0.7
dhcpcd_projectdhcpcd
4.0.10
dhcpcd_projectdhcpcd
4.0.11
dhcpcd_projectdhcpcd
4.0.12
dhcpcd_projectdhcpcd
4.0.13
dhcpcd_projectdhcpcd
4.0.14
dhcpcd_projectdhcpcd
4.0.15
dhcpcd_projectdhcpcd
5.0.0
dhcpcd_projectdhcpcd
5.0.1
dhcpcd_projectdhcpcd
5.0.3
dhcpcd_projectdhcpcd
5.0.4
dhcpcd_projectdhcpcd
5.0.6
dhcpcd_projectdhcpcd
5.0.7
dhcpcd_projectdhcpcd
5.0.8
dhcpcd_projectdhcpcd
5.0.9
dhcpcd_projectdhcpcd
5.1.0
dhcpcd_projectdhcpcd
5.1.1
dhcpcd_projectdhcpcd
5.1.2
dhcpcd_projectdhcpcd
5.1.3
dhcpcd_projectdhcpcd
5.1.4
dhcpcd_projectdhcpcd
5.1.5
dhcpcd_projectdhcpcd
5.2.0
dhcpcd_projectdhcpcd
5.2.1
dhcpcd_projectdhcpcd
5.2.3
dhcpcd_projectdhcpcd
5.2.4
dhcpcd_projectdhcpcd
5.2.5
dhcpcd_projectdhcpcd
5.2.6
dhcpcd_projectdhcpcd
5.2.7
dhcpcd_projectdhcpcd
5.2.8
dhcpcd_projectdhcpcd
5.2.9
dhcpcd_projectdhcpcd
5.2.10
dhcpcd_projectdhcpcd
5.2.11
dhcpcd_projectdhcpcd
5.2.12
dhcpcd_projectdhcpcd
5.5.0
dhcpcd_projectdhcpcd
5.5.1
dhcpcd_projectdhcpcd
5.5.1:test1
dhcpcd_projectdhcpcd
5.5.2
dhcpcd_projectdhcpcd
5.5.3
dhcpcd_projectdhcpcd
5.5.4
dhcpcd_projectdhcpcd
5.5.5
dhcpcd_projectdhcpcd
5.5.6
dhcpcd_projectdhcpcd
5.6.0
dhcpcd_projectdhcpcd
5.6.1
dhcpcd_projectdhcpcd
5.6.2
dhcpcd_projectdhcpcd
5.6.3
dhcpcd_projectdhcpcd
5.6.4
dhcpcd_projectdhcpcd
5.6.5
dhcpcd_projectdhcpcd
5.6.6
dhcpcd_projectdhcpcd
5.6.7
dhcpcd_projectdhcpcd
5.6.8
dhcpcd_projectdhcpcd
5.99.2
dhcpcd_projectdhcpcd
5.99.3
dhcpcd_projectdhcpcd
5.99.4
dhcpcd_projectdhcpcd
5.99.5
dhcpcd_projectdhcpcd
5.99.6
dhcpcd_projectdhcpcd
5.99.7
dhcpcd_projectdhcpcd
6.0.0
dhcpcd_projectdhcpcd
6.0.1
dhcpcd_projectdhcpcd
6.0.2
dhcpcd_projectdhcpcd
6.0.3
dhcpcd_projectdhcpcd
6.0.4
dhcpcd_projectdhcpcd
6.0.5
dhcpcd_projectdhcpcd
6.1.0
dhcpcd_projectdhcpcd
6.2.0
dhcpcd_projectdhcpcd
6.2.1
dhcpcd_projectdhcpcd
6.3.0
dhcpcd_projectdhcpcd
6.3.1
dhcpcd_projectdhcpcd
6.3.2
dhcpcd_projectdhcpcd
6.4.0
dhcpcd_projectdhcpcd
6.4.1
dhcpcd_projectdhcpcd
6.4.2
googleandroid
𝑥
≤ 4.4.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dhcpcd
sid
1:10.1.0-1
fixed
trixie
1:10.1.0-1
fixed
dhcpcd5
bullseye
7.1.0-2
fixed
bookworm
9.4.1-24~deb12u4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dhcpcd
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
not-affected
utopic
not-affected
trusty
dne
precise
not-affected
lucid
not-affected
dhcpcd5
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
ignored
utopic
ignored
trusty
Fixed 6.0.5-2build0.14.04.1
released
precise
ignored
lucid
dne
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0334.html
http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0
http://source.android.com/security/bulletin/2016-04-02.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:171
http://www.openwall.com/lists/oss-security/2014/07/30/5
http://www.openwall.com/lists/oss-security/2014/09/01/11
http://www.securityfocus.com/bid/68970
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.462420
http://advisories.mageia.org/MGASA-2014-0334.html
http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0
http://source.android.com/security/bulletin/2016-04-02.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:171
http://www.openwall.com/lists/oss-security/2014/07/30/5
http://www.openwall.com/lists/oss-security/2014/09/01/11
http://www.securityfocus.com/bid/68970
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.462420