GCVE - cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*

part: a version: 3.0.1 update: rc5

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Dhcpd (`e7d51b37-ed94-51c9-81f7-cb0d06501b46`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/isc-dhcp`	purl2cpe	2026-06-01 10:15:10.594441
`pkg:deb/ubuntu/isc-dhcp`	purl2cpe	2026-06-01 10:15:10.594443
`pkg:github/isc-projects/dhcp`	purl2cpe	2026-06-01 10:15:10.594445
`pkg:gitlab/redhat/dhcp`	purl2cpe	2026-06-01 10:15:10.594447
`pkg:rpm/centos/dhcp`	purl2cpe	2026-06-01 10:15:10.594448
`pkg:rpm/fedora/dhcp`	purl2cpe	2026-06-01 10:15:10.594450
`pkg:rpm/opensuse/dhcp`	purl2cpe	2026-06-01 10:15:10.594452

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2004-1006`	vulnerable	2026-06-03 14:26:37.855554	Details available Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702. Published: 2004-11-19T05:00:00.000Z Updated: 2024-08-08T00:39:00.517Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=109968710822449&w=2 http://www.kb.cert.org/vuls/id/448384 http://www.securityfocus.com/bid/11591 http://archives.neohapsis.com/archives/bugtraq/2004-10/0287.html http://www.debian.org/security/2004/dsa-584	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0039`	vulnerable	2026-06-03 14:26:24.377445	Details available ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count. Published: 2004-09-01T04:00:00.000Z Updated: 2024-08-08T01:43:35.382Z Open on db.gcve.eu Reference links http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616 http://www.kb.cert.org/vuls/id/149953 http://www.debian.org/security/2003/dsa-245 http://cc.turbolinux.com/security/TLSA-2003-26.txt http://www.redhat.com/support/errata/RHSA-2003-034.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0026`	vulnerable	2026-06-03 14:26:24.292521	Details available Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. Published: 2003-01-16T05:00:00.000Z Updated: 2024-08-08T01:36:25.306Z Open on db.gcve.eu Reference links http://www.redhat.com/support/errata/RHSA-2003-011.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html http://www.securitytracker.com/id?1005924 http://www.debian.org/security/2003/dsa-231 http://www.securityfocus.com/bid/6627	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0702`	vulnerable	2026-06-03 14:26:14.908476	Details available Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response. Published: 2002-07-23T04:00:00.000Z Updated: 2024-08-08T02:56:38.893Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/4701 http://www.kb.cert.org/vuls/id/854315 http://www.novell.com/linux/security/advisories/2002_19_dhcp.html http://www.cert.org/advisories/CA-2002-12.html http://marc.info/?l=bugtraq&m=102089498828206&w=2	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.