A vulnerability was found in DHCP, where, a DHCP server configured with "allow leasequery;", a remote machine with access to the server can send lease queries for the same lease multiple times, leading to the "add_option()" function being repeatedly called. This could cause an option's "refcount" field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. Versions affected: - 4.1-ESV-R1 -> 4.1-ESV-R16-P1 - 4.4.0 -> 4.4.3 Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series), it is probable, all versions after the introduction of lease query in ISC DHCP 3.0 are affected.
Created dhcp tracking bugs for this issue: Affects: fedora-all [bug 2132429]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2502 https://access.redhat.com/errata/RHSA-2023:2502
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:3000 https://access.redhat.com/errata/RHSA-2023:3000
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2928