CVE-2012-2152

Name	CVE-2012-2152
Description	Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2498-1
Debian Bugs	671265

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
dhcpcd (PTS)	trixie	1:10.1.0-11	fixed
	forky, sid	1:10.2.4-4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
dhcpcd	source	squeeze	1:3.2.3-5+squeeze1		DSA-2498-1
dhcpcd	source	(unstable)	1:3.2.3-11			671265

https://www.openwall.com/lists/oss-security/2012/05/02/4