CVE-2014-7912

Name: CVE-2014-7912
Description: The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-506-1
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

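| Source Package | Release | Version | Status |
|---|---|---|---|
| dhcpcd5 (PTS) | wheezy | 5.5.6-1+deb7u1 | vulnerable |
| dhcpcd5 | wheezy (security) | 5.5.6-1+deb7u2 | fixed |
| dhcpcd5 | jessie | 6.0.5-2 | vulnerable |
| dhcpcd5 | buster, sid, stretch | 6.10.1-1 | fixed |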

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| dhcpcd5 | source | (unstable) | 6.9.1-1 | medium | | |
| dhcpcd5 | source | wheezy | 5.5.6-1+deb7u2 | medium | DLA-506-1 | |

Notes

[jessie] - dhcpcd5 <no-dsa> (Minor issue)
https://dev.marples.name/rDHCc204b018d1cfe740fb3179532070ae10fe34aaf3
