CVE-2014-7912
Published: 30 July 2015
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.
Priority
Status
Package | Release | Status |
---|---|---|
dhcpcd Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
mantic |
Not vulnerable
(6.9.1-1)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
upstream |
Needs triage
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
dhcpcd5 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(6.9.1-1)
|
bionic |
Not vulnerable
(6.9.1-1)
|
|
cosmic |
Not vulnerable
(6.9.1-1)
|
|
disco |
Not vulnerable
(6.9.1-1)
|
|
focal |
Not vulnerable
(6.9.1-1)
|
|
jammy |
Not vulnerable
(6.9.1-1)
|
|
kinetic |
Not vulnerable
(6.9.1-1)
|
|
lunar |
Not vulnerable
(6.9.1-1)
|
|
mantic |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Needed
|
|
upstream |
Released
(6.9.0-1)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Not vulnerable
(6.9.1-1)
|
|
xenial |
Not vulnerable
(6.9.1-1)
|
|
yakkety |
Not vulnerable
(6.9.1-1)
|
|
zesty |
Not vulnerable
(6.9.1-1)
|
|
Patches: other: https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0 |