GCVE - cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*

part: a version: 4.2.2 update: rc1

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Dhcp (`4e92e1a9-a8b0-5696-8d39-7119e87ecd86`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/dhcp`	purl2cpe	2026-06-01 10:15:10.728679

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-2774`	vulnerable	2026-06-08 05:07:42.820238	Details available ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. Published: 2016-03-09T15:26:00.000Z Updated: 2024-08-05T23:32:20.980Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2016-2590.html http://www.securitytracker.com/id/1035196 https://kb.isc.org/article/AA-01354 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8605`	vulnerable	2026-06-08 05:07:04.497407	Details available ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. Published: 2016-01-14T22:00:00.000Z Updated: 2024-08-06T08:20:43.591Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1034657 http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ https://kb.isc.org/article/AA-01334 https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2494`	vulnerable	2026-06-08 05:04:26.625263	Details available libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266. Published: 2013-03-28T16:00:00.000Z Updated: 2024-09-16T19:52:30.979Z Open on db.gcve.eu Reference links https://kb.isc.org/article/AA-00880/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3954`	vulnerable	2026-06-08 05:02:14.548920	Details available Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. Published: 2012-07-25T10:00:00.000Z Updated: 2024-08-06T20:21:04.079Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1027300 http://www.debian.org/security/2012/dsa-2516 http://rhn.redhat.com/errata/RHSA-2012-1141.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3571`	vulnerable	2026-06-08 05:02:10.927090	Details available ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. Published: 2012-07-25T10:00:00.000Z Updated: 2024-08-06T20:13:51.326Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html https://kb.isc.org/article/AA-00712 http://www.debian.org/security/2012/dsa-2516 http://rhn.redhat.com/errata/RHSA-2012-1141.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:116	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3570`	vulnerable	2026-06-08 05:02:10.919882	Details available Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter. Published: 2012-07-25T10:00:00.000Z Updated: 2024-08-06T20:13:50.567Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 http://security.gentoo.org/glsa/glsa-201301-06.xml https://kb.isc.org/article/AA-00714 http://www.securityfocus.com/bid/54665	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4868`	vulnerable	2026-06-08 04:59:33.390286	Details available The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update. Published: 2012-01-15T02:00:00.000Z Updated: 2024-08-07T00:16:35.122Z Open on db.gcve.eu Reference links https://kb.isc.org/article/AA-00705 https://www.isc.org/software/dhcp/advisories/cve-2011-4868 https://deepthought.isc.org/article/AA-00595 http://security.gentoo.org/glsa/glsa-201301-06.xml	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4539`	vulnerable	2026-06-08 04:59:31.789157	Details available dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet. Published: 2011-12-08T11:00:00.000Z Updated: 2024-08-07T00:09:18.744Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2011:182 http://secunia.com/advisories/47153 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html http://www.ubuntu.com/usn/USN-1309-1 http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.