GCVE - cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*

part: a version: 3.0 update: *

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Dhcpd (`e7d51b37-ed94-51c9-81f7-cb0d06501b46`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/isc-dhcp`	purl2cpe	2026-06-01 10:15:10.594310
`pkg:deb/ubuntu/isc-dhcp`	purl2cpe	2026-06-01 10:15:10.594312
`pkg:github/isc-projects/dhcp`	purl2cpe	2026-06-01 10:15:10.594314
`pkg:gitlab/redhat/dhcp`	purl2cpe	2026-06-01 10:15:10.594316
`pkg:rpm/centos/dhcp`	purl2cpe	2026-06-01 10:15:10.594318
`pkg:rpm/fedora/dhcp`	purl2cpe	2026-06-01 10:15:10.594320
`pkg:rpm/opensuse/dhcp`	purl2cpe	2026-06-01 10:15:10.594322

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2004-1006`	vulnerable	2026-06-03 14:26:37.850125	Details available Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702. Published: 2004-11-19T05:00:00.000Z Updated: 2024-08-08T00:39:00.517Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=109968710822449&w=2 http://www.kb.cert.org/vuls/id/448384 http://www.securityfocus.com/bid/11591 http://archives.neohapsis.com/archives/bugtraq/2004-10/0287.html http://www.debian.org/security/2004/dsa-584	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0026`	vulnerable	2026-06-03 14:26:24.289896	Details available Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. Published: 2003-01-16T05:00:00.000Z Updated: 2024-08-08T01:36:25.306Z Open on db.gcve.eu Reference links http://www.redhat.com/support/errata/RHSA-2003-011.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html http://www.securitytracker.com/id?1005924 http://www.debian.org/security/2003/dsa-231 http://www.securityfocus.com/bid/6627	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0702`	vulnerable	2026-06-03 14:26:14.905797	Details available Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response. Published: 2002-07-23T04:00:00.000Z Updated: 2024-08-08T02:56:38.893Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/4701 http://www.kb.cert.org/vuls/id/854315 http://www.novell.com/linux/security/advisories/2002_19_dhcp.html http://www.cert.org/advisories/CA-2002-12.html http://marc.info/?l=bugtraq&m=102089498828206&w=2	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.