Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-2928

NULL Pointer Dereference

Published: Oct 07, 2022 | Modified: Nov 07, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-2928
CWEhttps://cwe.mitre.org/data/definitions/476.html

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the options refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Dhcp Isc 4.4.0 (including) 4.4.3 (including)
Dhcp Isc 4.1-esv-r1 (including) 4.1-esv-r1 (including)
Dhcp Isc 4.1-esv-r10 (including) 4.1-esv-r10 (including)
Dhcp Isc 4.1-esv-r10_b1 (including) 4.1-esv-r10_b1 (including)
Dhcp Isc 4.1-esv-r10_rc1 (including) 4.1-esv-r10_rc1 (including)
Dhcp Isc 4.1-esv-r10b1 (including) 4.1-esv-r10b1 (including)
Dhcp Isc 4.1-esv-r10rc1 (including) 4.1-esv-r10rc1 (including)
Dhcp Isc 4.1-esv-r11 (including) 4.1-esv-r11 (including)
Dhcp Isc 4.1-esv-r11_b1 (including) 4.1-esv-r11_b1 (including)
Dhcp Isc 4.1-esv-r11_rc1 (including) 4.1-esv-r11_rc1 (including)
Dhcp Isc 4.1-esv-r11_rc2 (including) 4.1-esv-r11_rc2 (including)
Dhcp Isc 4.1-esv-r11b1 (including) 4.1-esv-r11b1 (including)
Dhcp Isc 4.1-esv-r11rc1 (including) 4.1-esv-r11rc1 (including)
Dhcp Isc 4.1-esv-r11rc2 (including) 4.1-esv-r11rc2 (including)
Dhcp Isc 4.1-esv-r12 (including) 4.1-esv-r12 (including)
Dhcp Isc 4.1-esv-r12-p1 (including) 4.1-esv-r12-p1 (including)
Dhcp Isc 4.1-esv-r12_b1 (including) 4.1-esv-r12_b1 (including)
Dhcp Isc 4.1-esv-r12_p1 (including) 4.1-esv-r12_p1 (including)
Dhcp Isc 4.1-esv-r12b1 (including) 4.1-esv-r12b1 (including)
Dhcp Isc 4.1-esv-r13 (including) 4.1-esv-r13 (including)
Dhcp Isc 4.1-esv-r13_b1 (including) 4.1-esv-r13_b1 (including)
Dhcp Isc 4.1-esv-r13b1 (including) 4.1-esv-r13b1 (including)
Dhcp Isc 4.1-esv-r14 (including) 4.1-esv-r14 (including)
Dhcp Isc 4.1-esv-r14_b1 (including) 4.1-esv-r14_b1 (including)
Dhcp Isc 4.1-esv-r14b1 (including) 4.1-esv-r14b1 (including)
Dhcp Isc 4.1-esv-r15 (including) 4.1-esv-r15 (including)
Dhcp Isc 4.1-esv-r15-p1 (including) 4.1-esv-r15-p1 (including)
Dhcp Isc 4.1-esv-r15_b1 (including) 4.1-esv-r15_b1 (including)
Dhcp Isc 4.1-esv-r16 (including) 4.1-esv-r16 (including)
Dhcp Isc 4.1-esv-r16-p1 (including) 4.1-esv-r16-p1 (including)
Red Hat Enterprise Linux 8 RedHat dhcp-12:4.3.6-49.el8 *
Red Hat Enterprise Linux 9 RedHat dhcp-12:4.4.2-18.b1.el9 *
Isc-dhcp Ubuntu bionic *
Isc-dhcp Ubuntu devel *
Isc-dhcp Ubuntu esm-infra/xenial *
Isc-dhcp Ubuntu focal *
Isc-dhcp Ubuntu jammy *
Isc-dhcp Ubuntu kinetic *
Isc-dhcp Ubuntu trusty *
Isc-dhcp Ubuntu trusty/esm *
Isc-dhcp Ubuntu upstream *
Isc-dhcp Ubuntu xenial *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use