Vulnerability CVE-2022-2929: Information

Description

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-2929

Published: Oct. 7, 2022

Modified: Nov. 7, 2023

Error type identifier: CWE-770

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
dhcp	sisyphus	4.4.3.P1-alt1	4.4.3.P1-alt2	ALT-PU-2022-2744-1	308049	Fixed
dhcp	sisyphus_e2k	4.4.3.P1-alt1	4.4.3.P1-alt2	ALT-PU-2022-6467-1	-	Fixed
dhcp	sisyphus_riscv64	4.4.3.P1-alt1	4.4.3.P1-alt2	ALT-PU-2022-6461-1	-	Fixed
dhcp	p10	4.4.3.P1-alt1	4.4.3.P1-alt2	ALT-PU-2022-2839-1	308190	Fixed
dhcp	p10_e2k	4.4.3.P1-alt1	4.4.3.P1-alt2	ALT-PU-2022-6536-1	-	Fixed
dhcp	p9	4.4.3.P1-alt1	4.4.3.P1-alt1	ALT-PU-2023-6824-2	333207	Fixed
dhcp	p9_e2k	4.4.3.P1-alt1	4.4.3.P1-alt1	ALT-PU-2023-7706-1	-	Fixed
dhcp	c10f1	4.4.3.P1-alt1	4.4.3.P1-alt1	ALT-PU-2022-2839-1	308190	Fixed
dhcp	c9f2	4.4.3.P1-alt1	4.4.3.P1-alt1	ALT-PU-2023-1273-1	315283	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://kb.isc.org/docs/cve-2022-2929	Vendor Advisory
[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update	Mailing List Third Party Advisory
GLSA-202305-22
FEDORA-2022-f5a45757df
FEDORA-2022-9ca9a94e28
FEDORA-2022-c4f274a54f

Affected configurations:
1. Configuration 1
  cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:4.1-esv:r16-p1:*:*:*:*:*:*
  cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*
  Start including
  4.2.0
  End including
  4.4.3
  cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*
  Start including
  1.0.0
  End excliding
  4.1-esv
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Version: v24.5.1

Vulnerability CVE-2022-2929: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3