CVE-2022-2929 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
isc	CNA	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
isc	dhcp	1.0.0 ≤ 𝑥 < 4.1-esv
isc	dhcp	4.2.0 ≤ 𝑥 ≤ 4.4.3
isc	dhcp	4.1-esv:r1
isc	dhcp	4.1-esv:r10
isc	dhcp	4.1-esv:r10_b1
isc	dhcp	4.1-esv:r10_rc1
isc	dhcp	4.1-esv:r10b1
isc	dhcp	4.1-esv:r10rc1
isc	dhcp	4.1-esv:r11
isc	dhcp	4.1-esv:r11_b1
isc	dhcp	4.1-esv:r11_rc1
isc	dhcp	4.1-esv:r11_rc2
isc	dhcp	4.1-esv:r11b1
isc	dhcp	4.1-esv:r11rc1
isc	dhcp	4.1-esv:r11rc2
isc	dhcp	4.1-esv:r12
isc	dhcp	4.1-esv:r12-p1
isc	dhcp	4.1-esv:r12_b1
isc	dhcp	4.1-esv:r12_p1
isc	dhcp	4.1-esv:r12b1
isc	dhcp	4.1-esv:r13
isc	dhcp	4.1-esv:r13_b1
isc	dhcp	4.1-esv:r13b1
isc	dhcp	4.1-esv:r14
isc	dhcp	4.1-esv:r14_b1
isc	dhcp	4.1-esv:r14b1
isc	dhcp	4.1-esv:r15
isc	dhcp	4.1-esv:r15-p1
isc	dhcp	4.1-esv:r15_b1
isc	dhcp	4.1-esv:r16
isc	dhcp	4.1-esv:r16-p1
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

isc-dhcp

bullseye	4.4.1-2.3+deb11u2 fixed
bullseye (security)	4.4.1-2.3+deb11u1 fixed
bookworm	4.4.3-P1-2 fixed
sid	4.4.3-P1-5 fixed
trixie	4.4.3-P1-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

isc-dhcp

kinetic	Fixed 4.4.3-2ubuntu4 released
jammy	Fixed 4.4.1-2.3ubuntu2.3 released
focal	Fixed 4.4.1-2.1ubuntu5.20.04.4 released
bionic	Fixed 4.3.5-3ubuntu7.4 released
xenial	Fixed 4.3.3-5ubuntu12.10+esm2 released
trusty	Fixed 4.2.4-7ubuntu12.13+esm2 released

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

https://kb.isc.org/docs/cve-2022-2929

https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/

https://security.gentoo.org/glsa/202305-22

https://kb.isc.org/docs/cve-2022-2929

https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/

https://security.gentoo.org/glsa/202305-22