CVE-2022-2928

In ISC DHCP 4.4.0 -> 4.4.3 and ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increments the option's refcount field. However, there is no corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually the reference counters could overflow and cause the server to abort.
Provider  Type  Base Score (CVSS 3.x)  Atk. Vector       Atk. Complexity  Priv. Required  Vector
NIST      NIST  6.5 MEDIUM             ADJACENT_NETWORK  LOW              NONE            CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
isc       CNA   6.5 MEDIUM             ADJACENT_NETWORK  LOW              NONE            CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE       ADP   ---                    ---

EPSS Score Percentile: 11%
Vendor  Product       Version
isc     dhcp          4.4.0 ≤ x ≤ 4.4.3
isc     dhcp          4.1-esv:r1
isc     dhcp          4.1-esv:r10
isc     dhcp          4.1-esv:r10_b1
isc     dhcp          4.1-esv:r10_rc1
isc     dhcp          4.1-esv:r10b1
isc     dhcp          4.1-esv:r10rc1
isc     dhcp          4.1-esv:r11
isc     dhcp          4.1-esv:r11_b1
isc     dhcp          4.1-esv:r11_rc1
isc     dhcp          4.1-esv:r11_rc2
isc     dhcp          4.1-esv:r11b1
isc     dhcp          4.1-esv:r11rc1
isc     dhcp          4.1-esv:r11rc2
isc     dhcp          4.1-esv:r12
isc     dhcp          4.1-esv:r12-p1
isc     dhcp          4.1-esv:r12_b1
isc     dhcp          4.1-esv:r12_p1
isc     dhcp          4.1-esv:r12b1
isc     dhcp          4.1-esv:r13
isc     dhcp          4.1-esv:r13_b1
isc     dhcp          4.1-esv:r13b1
isc     dhcp          4.1-esv:r14
isc     dhcp          4.1-esv:r14_b1
isc     dhcp          4.1-esv:r14b1
isc     dhcp          4.1-esv:r15
isc     dhcp          4.1-esv:r15-p1
isc     dhcp          4.1-esv:r15_b1
isc     dhcp          4.1-esv:r16
isc     dhcp          4.1-esv:r16-p1
debian  debian_linux  10.0

x = Vulnerable software versions
Debian Releases
Debian Product: isc-dhcp

Codename             Version            Status
bullseye             4.4.1-2.3+deb11u2  fixed
bullseye (security)  4.4.1-2.3+deb11u1  fixed
bookworm             4.4.3-P1-2         fixed
sid                  4.4.3-P1-5         fixed
trixie               4.4.3-P1-5         fixed
Ubuntu Releases
Ubuntu Product: isc-dhcp

Codename  Version                           Status
kinetic   Fixed 4.4.3-2ubuntu4              released
jammy     Fixed 4.4.1-2.3ubuntu2.3          released
focal     Fixed 4.4.1-2.1ubuntu5.20.04.4    released
bionic    Fixed 4.3.5-3ubuntu7.4            released
xenial    Fixed 4.3.3-5ubuntu12.10+esm2     released
trusty    Fixed 4.2.4-7ubuntu12.13+esm2     released