CVE-2021-25217

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
iscCNA
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
iscdhcp
4.4.0 ≤
𝑥
≤ 4.4.2
iscdhcp
4.1-esv:r1
iscdhcp
4.1-esv:r10
iscdhcp
4.1-esv:r10_b1
iscdhcp
4.1-esv:r10_rc1
iscdhcp
4.1-esv:r10b1
iscdhcp
4.1-esv:r10rc1
iscdhcp
4.1-esv:r11
iscdhcp
4.1-esv:r11_b1
iscdhcp
4.1-esv:r11_rc1
iscdhcp
4.1-esv:r11_rc2
iscdhcp
4.1-esv:r11b1
iscdhcp
4.1-esv:r11rc1
iscdhcp
4.1-esv:r11rc2
iscdhcp
4.1-esv:r12
iscdhcp
4.1-esv:r12-p1
iscdhcp
4.1-esv:r12_b1
iscdhcp
4.1-esv:r12_p1
iscdhcp
4.1-esv:r12b1
iscdhcp
4.1-esv:r13
iscdhcp
4.1-esv:r13_b1
iscdhcp
4.1-esv:r13b1
iscdhcp
4.1-esv:r14
iscdhcp
4.1-esv:r14_b1
iscdhcp
4.1-esv:r14b1
iscdhcp
4.1-esv:r15
iscdhcp
4.1-esv:r15-p1
iscdhcp
4.1-esv:r15_b1
iscdhcp
4.1-esv:r16
debiandebian_linux
9.0
siemensruggedcom_rox_rx1400_firmware
𝑥
< 2.15.0
siemensruggedcom_rox_rx1500_firmware
2.3.0 ≤
𝑥
< 2.15.0
siemensruggedcom_rox_rx1501_firmware
2.3.0 ≤
𝑥
< 2.15.0
siemensruggedcom_rox_rx1510_firmware
2.3.0 ≤
𝑥
< 2.15.0
siemensruggedcom_rox_rx1511_firmware
2.3.0 ≤
𝑥
< 2.15.0
siemensruggedcom_rox_rx1512_firmware
2.3.0 ≤
𝑥
< 2.15.0
siemensruggedcom_rox_rx1524_firmware
𝑥
< 2.15.0
siemensruggedcom_rox_rx1536_firmware
𝑥
< 2.15.0
siemensruggedcom_rox_rx5000_firmware
2.3.0 ≤
𝑥
< 2.15.0
siemensruggedcom_rox_mx5000_firmware
2.3.0 ≤
𝑥
< 2.15.0
netappontap_select_deploy_administration_utility
-
netappsolidfire_\&_hci_management_node
-
siemenssinec_ins
𝑥
< 1.0
siemenssinec_ins
1.0
siemenssinec_ins
1.0:sp1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
isc-dhcp
bullseye
4.4.1-2.3+deb11u2
fixed
bullseye (security)
4.4.1-2.3+deb11u1
fixed
bookworm
4.4.3-P1-2
fixed
sid
4.4.3-P1-5
fixed
trixie
4.4.3-P1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
isc-dhcp
jammy
Fixed 4.4.1-2.2ubuntu7
released
impish
Fixed 4.4.1-2.2ubuntu7
released
hirsute
Fixed 4.4.1-2.2ubuntu6.1
released
groovy
Fixed 4.4.1-2.1ubuntu10.1
released
focal
Fixed 4.4.1-2.1ubuntu5.20.04.2
released
bionic
Fixed 4.3.5-3ubuntu7.3
released
xenial
Fixed 4.3.3-5ubuntu12.10+esm1
released
trusty
Fixed 4.2.4-7ubuntu12.13+esm1
released
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2021/05/26/6
https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://kb.isc.org/docs/cve-2021-25217
https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/
https://security.gentoo.org/glsa/202305-22
https://security.netapp.com/advisory/ntap-20220325-0011/
http://www.openwall.com/lists/oss-security/2021/05/26/6
https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://kb.isc.org/docs/cve-2021-25217
https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/
https://security.gentoo.org/glsa/202305-22
https://security.netapp.com/advisory/ntap-20220325-0011/