{"api_version":"1","generated_at":"2026-04-22T19:50:32+00:00","cve":"CVE-2022-2928","urls":{"html":"https://cve.report/CVE-2022-2928","api":"https://cve.report/api/cve/CVE-2022-2928.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-2928","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-2928"},"summary":{"title":"CVE-2022-2928","description":"In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.","state":"PUBLIC","assigner":"security-officer@isc.org","published_at":"2022-10-07 05:15:00","updated_at":"2023-11-07 03:47:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/","name":"FEDORA-2022-9ca9a94e28","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: dhcp-4.4.3-4.P1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/","name":"FEDORA-2022-f5a45757df","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: dhcp-4.4.3-4.P1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202305-22","name":"GLSA-202305-22","refsource":"GENTOO","tags":[],"title":"ISC DHCP: Multiple Vulnerabilities (GLSA 202305-22) — Gentoo 
security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/","name":"FEDORA-2022-f5a45757df","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: dhcp-4.4.3-4.P1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/","name":"FEDORA-2022-c4f274a54f","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: dhcp-4.4.3-4.P1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/","name":"FEDORA-2022-c4f274a54f","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: dhcp-4.4.3-4.P1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-2928","name":"https://www.cve.org/CVERecord?id=CVE-2022-2928","refsource":"MISC","tags":[],"title":"cve-website","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html","name":"[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3146-1] isc-dhcp security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/","name":"FEDORA-2022-9ca9a94e28","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: dhcp-4.4.3-4.P1.fc37 - package-announce - Fedora 
Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://kb.isc.org/docs/cve-2022-2928","name":"https://kb.isc.org/docs/cve-2022-2928","refsource":"CONFIRM","tags":[],"title":"CVE-2022-2928 An option refcount overflow exists in dhcpd","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2928","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue.","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIn
cluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r10b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r10rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r10_b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r10_rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r11b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r11rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a
","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r11rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r11_b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r11_rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r11_rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r12-p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r12b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r12_b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-e
sv","cpe7":"r12_p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r13b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r13_b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r14","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r14b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r14_b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r15","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r15-p1","cpe8":"*","cpe9":"*","cpe10":"
*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r15_b1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r16","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"4.1-esv","cpe7":"r16-p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2928","vulnerable":"1","versionEndIncluding":"4.4.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"dhcp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-2928","qid":"160628","title":"Oracle Enterprise Linux Security Update for dhcp security and enhancement update (ELSA-2023-2502)"},{"cve":"CVE-2022-2928","qid":"160661","title":"Oracle Enterprise Linux Security Update for dhcp (ELSA-2023-3000)"},{"cve":"CVE-2022-2928","qid":"181114","title":"Debian Security Update for isc-dhcp (DSA 5251-1)"},{"cve":"CVE-2022-2928","qid":"181126","title":"Debian Security Update for isc-dhcp (DLA 3146-1)"},{"cve":"CVE-2022-2928","qid":"183928","title":"Debian Security Update for isc-dhcp (CVE-2022-2928)"},{"cve":"CVE-2022-2928","qid":"198973","title":"Ubuntu Security Notification for DHCP Vulnerabilities (USN-5658-1)"},{"cve":"CVE-2022-2928","qid":"241461","title":"Red Hat Update for dhcp (RHSA-2023:2502)"},{"cve":"CVE-2022-2928","qid":"241476","title":"Red Hat Update for dhcp (RHSA-2023:3000)"},{"cve":"CVE-2022-2928","qid":"283204","title":"Fedora 
Security Update for dhcp (FEDORA-2022-f5a45757df)"},{"cve":"CVE-2022-2928","qid":"283244","title":"Fedora Security Update for dhcp (FEDORA-2022-c4f274a54f)"},{"cve":"CVE-2022-2928","qid":"283485","title":"Fedora Security Update for dhcp (FEDORA-2022-9ca9a94e28)"},{"cve":"CVE-2022-2928","qid":"354111","title":"Amazon Linux Security Advisory for dhcp : ALAS2-2022-1874"},{"cve":"CVE-2022-2928","qid":"355050","title":"Amazon Linux Security Advisory for dhcp : AL2012-2022-374"},{"cve":"CVE-2022-2928","qid":"378641","title":"Alibaba Cloud Linux Security Update for dhcp (ALINUX3-SA-2023:0058)"},{"cve":"CVE-2022-2928","qid":"502519","title":"Alpine Linux Security Update for dhcp"},{"cve":"CVE-2022-2928","qid":"503675","title":"Alpine Linux Security Update for dhcp"},{"cve":"CVE-2022-2928","qid":"505866","title":"Alpine Linux Security Update for dhcp"},{"cve":"CVE-2022-2928","qid":"591311","title":"Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)"},{"cve":"CVE-2022-2928","qid":"672402","title":"EulerOS Security Update for dhcp (EulerOS-SA-2022-2792)"},{"cve":"CVE-2022-2928","qid":"672424","title":"EulerOS Security Update for dhcp (EulerOS-SA-2022-2842)"},{"cve":"CVE-2022-2928","qid":"672461","title":"EulerOS Security Update for dhcp (EulerOS-SA-2022-2817)"},{"cve":"CVE-2022-2928","qid":"672477","title":"EulerOS Security Update for dhcp (EulerOS-SA-2023-1032)"},{"cve":"CVE-2022-2928","qid":"672510","title":"EulerOS Security Update for dhcp (EulerOS-SA-2023-1007)"},{"cve":"CVE-2022-2928","qid":"672529","title":"EulerOS Security Update for dhcp (EulerOS-SA-2023-1097)"},{"cve":"CVE-2022-2928","qid":"672557","title":"EulerOS Security Update for dhcp (EulerOS-SA-2023-1121)"},{"cve":"CVE-2022-2928","qid":"672744","title":"EulerOS Security Update for dhcp (EulerOS-SA-2023-1498)"},{"cve":"CVE-2022-2928","qid":"710726","title":"Gentoo Linux ISC DHCP Multiple Vulnerabilities (GLSA 202305-22)"},{"cve":"CVE-2022-2928","qid":"752801","title":"SUSE 
Enterprise Linux Security Update for dhcp (SUSE-SU-2022:3992-1)"},{"cve":"CVE-2022-2928","qid":"752802","title":"SUSE Enterprise Linux Security Update for dhcp (SUSE-SU-2022:3991-1)"},{"cve":"CVE-2022-2928","qid":"904199","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for dhcp (11110)"},{"cve":"CVE-2022-2928","qid":"904218","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for dhcp (11108)"},{"cve":"CVE-2022-2928","qid":"941056","title":"AlmaLinux Security Update for dhcp (ALSA-2023:2502)"},{"cve":"CVE-2022-2928","qid":"941097","title":"AlmaLinux Security Update for dhcp (ALSA-2023:3000)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"DATE_PUBLIC":"2022-10-05T12:01:00.000Z","ID":"CVE-2022-2928","ASSIGNER":"security-officer@isc.org","STATE":"PUBLIC","TITLE":"An option refcount overflow exists in dhcpd"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ISC DHCP","version":{"version_data":[{"version_name":"4.4","version_value":"4.4.0 through versions before 4.4.3-P1"},{"version_name":"4.1 ESV","version_value":"4.1-ESV-R1 through versions before 4.1-ESV-R16-P1"}]}}]},"vendor_name":"ISC"}]}},"credit":[{"lang":"eng","value":"ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue."}],"description":{"description_data":[{"lang":"eng","value":"In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. 
Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort."}]},"exploit":[{"lang":"eng","value":"We are not aware of any active exploits."}],"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"ADJACENT NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"On a DHCP server configured with 'allow leasequery;', a remote machine with access to the server can send lease queries for the same lease multiple times, causing the add_option() function to be called repeatedly. This could cause an option's refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. 
Affects ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1"}]}]},"references":{"reference_data":[{"name":"https://kb.isc.org/docs/cve-2022-2928","refsource":"CONFIRM","url":"https://kb.isc.org/docs/cve-2022-2928"},{"refsource":"MLIST","name":"[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update","url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"},{"refsource":"FEDORA","name":"FEDORA-2022-f5a45757df","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"},{"refsource":"FEDORA","name":"FEDORA-2022-9ca9a94e28","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"},{"refsource":"FEDORA","name":"FEDORA-2022-c4f274a54f","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"},{"refsource":"GENTOO","name":"GLSA-202305-22","url":"https://security.gentoo.org/glsa/202305-22"}]},"solution":[{"lang":"eng","value":"Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads.  
4.4.3-P1 4.1-ESV-R16-P2"}],"source":{"discovery":"EXTERNAL"},"work_around":[{"lang":"eng","value":"Disable lease query on the server for DHCPv4 or restart the server periodically."}]},"nvd":{"publishedDate":"2022-10-07 05:15:00","lastModifiedDate":"2023-11-07 03:47:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*","cpe_na
me":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:4.1-esv:r16-p1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndIncluding":"4.4.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":
[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}