CVE-2022-2929

Summary

CVE	CVE-2022-2929
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-10-07 05:15:00 UTC
Updated	2023-11-07 03:47:00 UTC
Description	In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

Risk And Classification

Problem Types: CWE-770

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Application	Isc	Dhcp	All	All	All	All
Application	Isc	Dhcp	4.1-esv	r1	All	All
Application	Isc	Dhcp	4.1-esv	r10	All	All
Application	Isc	Dhcp	4.1-esv	r10b1	All	All
Application	Isc	Dhcp	4.1-esv	r10rc1	All	All
Application	Isc	Dhcp	4.1-esv	r10_b1	All	All
Application	Isc	Dhcp	4.1-esv	r10_rc1	All	All
Application	Isc	Dhcp	4.1-esv	r11	All	All
Application	Isc	Dhcp	4.1-esv	r11b1	All	All
Application	Isc	Dhcp	4.1-esv	r11rc1	All	All
Application	Isc	Dhcp	4.1-esv	r11rc2	All	All
Application	Isc	Dhcp	4.1-esv	r11_b1	All	All
Application	Isc	Dhcp	4.1-esv	r11_rc1	All	All
Application	Isc	Dhcp	4.1-esv	r11_rc2	All	All
Application	Isc	Dhcp	4.1-esv	r12	All	All
Application	Isc	Dhcp	4.1-esv	r12-p1	All	All
Application	Isc	Dhcp	4.1-esv	r12b1	All	All
Application	Isc	Dhcp	4.1-esv	r12_b1	All	All
Application	Isc	Dhcp	4.1-esv	r12_p1	All	All
Application	Isc	Dhcp	4.1-esv	r13	All	All
Application	Isc	Dhcp	4.1-esv	r13b1	All	All
Application	Isc	Dhcp	4.1-esv	r13_b1	All	All
Application	Isc	Dhcp	4.1-esv	r14	All	All
Application	Isc	Dhcp	4.1-esv	r14b1	All	All
Application	Isc	Dhcp	4.1-esv	r14_b1	All	All
Application	Isc	Dhcp	4.1-esv	r15	All	All
Application	Isc	Dhcp	4.1-esv	r15-p1	All	All
Application	Isc	Dhcp	4.1-esv	r15_b1	All	All
Application	Isc	Dhcp	4.1-esv	r16	All	All
Application	Isc	Dhcp	4.1-esv	r16-p1	All	All
Application	Isc	Dhcp	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 37 Update: dhcp-4.4.3-4.P1.fc37 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 36 Update: dhcp-4.4.3-4.P1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
ISC DHCP: Multiple Vulnerabilities (GLSA 202305-22) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] Fedora 36 Update: dhcp-4.4.3-4.P1.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 35 Update: dhcp-4.4.3-4.P1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: dhcp-4.4.3-4.P1.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] [DLA 3146-1] isc-dhcp security update	MLIST	lists.debian.org
[SECURITY] Fedora 37 Update: dhcp-4.4.3-4.P1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
CVE-2022-2929 DHCP memory leak	CONFIRM	kb.isc.org
cve-website	MISC	www.cve.org
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue.

Legacy QID Mappings

160628 Oracle Enterprise Linux Security Update for dhcp security and enhancement update (ELSA-2023-2502)
160661 Oracle Enterprise Linux Security Update for dhcp (ELSA-2023-3000)
181114 Debian Security Update for isc-dhcp (DSA 5251-1)
181126 Debian Security Update for isc-dhcp (DLA 3146-1)
182170 Debian Security Update for isc-dhcp (CVE-2022-2929)
198973 Ubuntu Security Notification for DHCP Vulnerabilities (USN-5658-1)
241461 Red Hat Update for dhcp (RHSA-2023:2502)
241476 Red Hat Update for dhcp (RHSA-2023:3000)
283204 Fedora Security Update for dhcp (FEDORA-2022-f5a45757df)
283244 Fedora Security Update for dhcp (FEDORA-2022-c4f274a54f)
283485 Fedora Security Update for dhcp (FEDORA-2022-9ca9a94e28)
354111 Amazon Linux Security Advisory for dhcp : ALAS2-2022-1874
355050 Amazon Linux Security Advisory for dhcp : AL2012-2022-374
378641 Alibaba Cloud Linux Security Update for dhcp (ALINUX3-SA-2023:0058)
502519 Alpine Linux Security Update for dhcp
503675 Alpine Linux Security Update for dhcp
505866 Alpine Linux Security Update for dhcp
591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
672402 EulerOS Security Update for dhcp (EulerOS-SA-2022-2792)
672424 EulerOS Security Update for dhcp (EulerOS-SA-2022-2842)
672461 EulerOS Security Update for dhcp (EulerOS-SA-2022-2817)
672477 EulerOS Security Update for dhcp (EulerOS-SA-2023-1032)
672510 EulerOS Security Update for dhcp (EulerOS-SA-2023-1007)
672529 EulerOS Security Update for dhcp (EulerOS-SA-2023-1097)
672557 EulerOS Security Update for dhcp (EulerOS-SA-2023-1121)
672744 EulerOS Security Update for dhcp (EulerOS-SA-2023-1498)
710726 Gentoo Linux ISC DHCP Multiple Vulnerabilities (GLSA 202305-22)
752801 SUSE Enterprise Linux Security Update for dhcp (SUSE-SU-2022:3992-1)
752802 SUSE Enterprise Linux Security Update for dhcp (SUSE-SU-2022:3991-1)
904194 Common Base Linux Mariner (CBL-Mariner) Security Update for dhcp (11111)
904217 Common Base Linux Mariner (CBL-Mariner) Security Update for dhcp (11109)
941056 AlmaLinux Security Update for dhcp (ALSA-2023:2502)
941097 AlmaLinux Security Update for dhcp (ALSA-2023:3000)