GCVE - cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*

part: a version: 4.1-esv update: rc1

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Dhcp (`4e92e1a9-a8b0-5696-8d39-7119e87ecd86`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/dhcp`	purl2cpe	2026-06-01 10:15:10.728654

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-5733`	vulnerable	2026-06-08 05:11:51.711566	A malicious client can overflow a reference counter in ISC dhcpd MEDIUM (5.9) A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Published: 2019-01-16T20:00:00.000Z Updated: 2025-04-25T23:02:52.084Z Open on db.gcve.eu Reference links https://kb.isc.org/docs/aa-01567 https://access.redhat.com/errata/RHSA-2018:0469 https://www.debian.org/security/2018/dsa-4133 https://usn.ubuntu.com/3586-2/ https://access.redhat.com/errata/RHSA-2018:0483	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2774`	vulnerable	2026-06-08 05:07:42.803802	Details available ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. Published: 2016-03-09T15:26:00.000Z Updated: 2024-08-05T23:32:20.980Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2016-2590.html http://www.securitytracker.com/id/1035196 https://kb.isc.org/article/AA-01354 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3955`	vulnerable	2026-06-08 05:02:14.555942	Details available ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. Published: 2012-09-14T10:00:00.000Z Updated: 2024-08-06T20:21:04.060Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html http://www.ubuntu.com/usn/USN-1571-1 http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html http://www.debian.org/security/2012/dsa-2551	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3954`	vulnerable	2026-06-08 05:02:14.552302	Details available Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. Published: 2012-07-25T10:00:00.000Z Updated: 2024-08-06T20:21:04.079Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1027300 http://www.debian.org/security/2012/dsa-2516 http://rhn.redhat.com/errata/RHSA-2012-1141.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2749`	vulnerable	2026-06-08 04:58:09.061935	Details available The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet. Published: 2011-08-15T21:00:00.000Z Updated: 2024-08-06T23:08:23.964Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-1190-1 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html http://secunia.com/advisories/45595 http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html http://www.debian.org/security/2011/dsa-2292	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2748`	vulnerable	2026-06-08 04:58:09.050392	Details available The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet. Published: 2011-08-15T21:00:00.000Z Updated: 2024-08-06T23:08:23.745Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-1190-1 http://redmine.pfsense.org/issues/1888 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html http://secunia.com/advisories/45595 http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-0997`	vulnerable	2026-06-08 04:56:40.557160	Details available dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. Published: 2011-04-08T15:00:00.000Z Updated: 2024-08-06T22:14:27.265Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/47176 http://www.vupen.com/english/advisories/2011/0886 http://secunia.com/advisories/44103 http://www.redhat.com/support/errata/RHSA-2011-0840.html http://secunia.com/advisories/44037	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.