Lucene search

MitreCVE-2016-1504

HistoryFeb 07, 2017 - 3:59 p.m.

CVE-2016-1504

2017-02-0715:59:00

CWE-119

mitre

web.nvd.nist.gov

cve

2016

1504

dhcpcd

denial of service

dos

invalid read

crash

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.9

Confidence

High

EPSS

0.022

Percentile

89.5%

JSON

dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.

Affected configurations

Nvd

Node

dhcpcd_projectdhcpcdRange≤6.9.4

VendorProductVersionCPE
dhcpcd_projectdhcpcd*cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dhcpcd_project	dhcpcd	*	cpe:2.3:a:dhcpcd_project:dhcpcd::::::::

References

roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403

roy.marples.name/projects/dhcpcd/timeline?r=trunk&nd&c=2016-01-07+16%3A47%3A19&n=200

www.openwall.com/lists/oss-security/2016/01/07/3

www.openwall.com/lists/oss-security/2016/01/07/4

www.securitytracker.com/id/1034601

security.gentoo.org/glsa/201606-07

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.9

Confidence

High

EPSS

0.022

Percentile

89.5%

JSON

Related for CVE-2016-1504