CVE-2015-8605

6.5MEDIUM

Key Information:

Vendor: Sophos
Status: Unified Threat Management Up2date
Vendor: CVE Published:; 14 January 2016

Summary

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

References

http://www.securitytracker.com/id/1034657

vdb-entryx_refsource_SECTRACK

http://lists.opensuse.org/opensuse-updates/2016-02/msg001...

vendor-advisoryx_refsource_SUSE

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-rel...

x_refsource_CONFIRM

EPSS Score

4% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2016
Vulnerability Reserved
Dec 17, 2015

Collectors

NVD DatabaseMitre Database