Dhcpcd Project: >> Dhcpcd >> 6.9.1 Security Vulnerabilities
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-05-05
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.
CVSS Score
9.8
EPSS Score
0.043
Published
2019-04-28
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
CVSS Score
5.9
EPSS Score
0.005
Published
2019-04-28
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.
CVSS Score
5.3
EPSS Score
0.005
Published
2019-04-28
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.
CVSS Score
7.5
EPSS Score
0.019
Published
2017-02-07
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.
CVSS Score
9.8
EPSS Score
0.071
Published
2016-04-18