6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
43.7%
ISC DHCP server on IBM i is vulnerable to a denial of service attack due to a memory leak in the fqdn_universe_decode function and a reference count overflow in the add_option function as described in the vulnerability details section. IBM i has addressed the vulnerabilities in ISC DHCP server with a fix as described in the remediation/fixes section.
CVEID:CVE-2022-2929
**DESCRIPTION:**ISC DHCP is vulnerable to a denial of service, caused by a memory leak in the fqdn_universe_decode() function. By sending specially crafted DHCP packets for an extended period of time, a remote attacker from within the local network could exploit this vulnerability to cause the server to run out of memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237823 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-2928
**DESCRIPTION:**ISC DHCP is vulnerable to a denial of service, caused by an option refcount overflow in the add_option() function. A remote attacker from within the local network could exploit this vulnerability to overflow the reference counters and cause the server to abort.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237822 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
IBM i | 7.2 |
The issue can be fixed by applying a PTF to IBM i. IBM i 7.5, 7.4, 7.3, and 7.2 will be fixed.
The IBM i PTF numbers contain the fix for the vulnerabilities.
IBM i Release| 5770-SS1
PTF Number| PTF Download Link
—|—|—
7.5| SI81438| SI81438
7.4| SI81439| SI81439
7.3| SI81440| SI81440
7.2| SI81441| SI81441
https://www.ibm.com/support/fixcentral
_Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.
None
6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
43.7%