Denial of Service Vulnerability in ISC DHCP Server by Internet Systems Consortium
CVE-2006-3122

Currently unrated

Key Information:

Vendor: Isc
Status: Dhcpd
Vendor: CVE Published:; 9 August 2006

Summary

A vulnerability in the supersede_lease function of ISC DHCP server version 2.0pl5 enables remote attackers to trigger a denial of service by sending a specially crafted DHCPDISCOVER packet with a 32-byte client identifier. This malformed packet causes the server to misinterpret the UID, leading to an application crash with an error message indicating 'corrupt lease uid.' Proper validation of incoming packets is essential to mitigate this issue and maintain service stability.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273

x_refsource_MISC

http://www.debian.org/security/2006/dsa-1143

vendor-advisoryx_refsource_DEBIAN

http://www.vupen.com/english/advisories/2006/3158

vdb-entryx_refsource_VUPEN

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 9, 2006
Vulnerability Reserved
Jun 21, 2006