阿里云漏洞库

漏洞描述

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://kb.isc.org/docs/cve-2022-2928
https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/202305-22

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	isc	dhcp	*	From (including) 4.4.0	Up to (including) 4.4.3
	运行在以下环境
	应用	isc	dhcp	4.1-esv	-
	运行在以下环境
	系统	alibaba_cloud_linux_3	dhcp	*		Up to (excluding) 4.3.6-49.0.1.al8
	运行在以下环境
	系统	alma_linux_8	dhcp-libs	*		Up to (excluding) 4.3.6-49.el8
	运行在以下环境
	系统	alma_linux_9	dhcp-relay	*		Up to (excluding) 4.4.2-18.b1.el9
	运行在以下环境
	系统	alpine_3.13	dhcp	*		Up to (excluding) 4.4.3_p1-r0
	运行在以下环境
	系统	alpine_3.14	dhcp	*		Up to (excluding) 4.4.3_p1-r0
	运行在以下环境
	系统	alpine_3.15	dhcp	*		Up to (excluding) 4.4.3_p1-r0
	运行在以下环境
	系统	alpine_3.16	dhcp	*		Up to (excluding) 4.4.3_p1-r0
	运行在以下环境
	系统	alpine_3.17	dhcp	*		Up to (excluding) 4.4.3_p1-r0
	运行在以下环境
	系统	alpine_3.18	dhcp	*		Up to (excluding) 4.4.3_p1-r0
	运行在以下环境
	系统	alpine_3.19	dhcp	*		Up to (excluding) 4.4.3_p1-r0
	运行在以下环境
	系统	amazon_2	dhcp	*		Up to (excluding) 4.2.5-79.amzn2.1.2
	运行在以下环境
	系统	anolis_os_8	dhcp	*		Up to (excluding) 4.3.6-49.0.1
	运行在以下环境
	系统	debian_10	isc-dhcp	*		Up to (excluding) 4.4.1-2+deb10u2
	运行在以下环境
	系统	debian_11	isc-dhcp	*		Up to (excluding) 4.4.1-2.3+deb11u1
	运行在以下环境
	系统	debian_12	isc-dhcp	*		Up to (excluding) 4.4.3-2.1
	运行在以下环境
	系统	fedora_35	dhcp	*		Up to (excluding) 4.4.3-4.P1.fc35
	运行在以下环境
	系统	fedora_36	dhcp	*		Up to (excluding) 4.4.3-4.P1.fc36
	运行在以下环境
	系统	fedora_37	dhcp	*		Up to (excluding) 4.4.3-4.P1.fc37
	运行在以下环境
	系统	fedora_38	dhcp	*		Up to (excluding) 4.4.3-4.P1.fc38
	运行在以下环境
	系统	kylinos_aarch64_V10	dhcp	*		Up to (excluding) 4.4.2-9.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	dhcp	*		Up to (excluding) 4.4.2-9.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	dhcp	*		Up to (excluding) 4.4.2-9.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP3	dhcp	*		Up to (excluding) 4.4.2-9.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP1	dhcp	*		Up to (excluding) 4.4.2-9.a.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP3	dhcp	*		Up to (excluding) 4.4.2-9.a.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10	dhcp	*		Up to (excluding) 4.4.2-9.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	dhcp	*		Up to (excluding) 4.4.2-9.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	dhcp	*		Up to (excluding) 4.4.2-9.ky10
	运行在以下环境
	系统	opensuse_Leap_15.3	dhcp	*		Up to (excluding) 4.3.6.P1-150000.6.17.1
	运行在以下环境
系统	opensuse_Leap_15.4	dhcp	*		Up to (excluding) 4.3.6.P1-150000.6.17.1
运行在以下环境
系统	oracle_8	dhcp-libs	*		Up to (excluding) 4.3.6-49.el8
运行在以下环境
系统	oracle_9	dhcp-relay	*		Up to (excluding) 4.4.2-18.b1.el9
运行在以下环境
系统	redhat_8	dhcp-libs	*		Up to (excluding) 4.3.6-49.el8
运行在以下环境
系统	redhat_9	dhcp-relay	*		Up to (excluding) 4.4.2-18.b1.el9
运行在以下环境
系统	suse_12_SP5	dhcp	*		Up to (excluding) 4.3.3-10.28.1
运行在以下环境
系统	ubuntu_18.04	isc-dhcp	*		Up to (excluding) 4.3.5-3ubuntu7.4
运行在以下环境
系统	ubuntu_20.04	isc-dhcp	*		Up to (excluding) 4.4.1-2.1ubuntu5.20.04.4
运行在以下环境
系统	ubuntu_22.04	isc-dhcp	*		Up to (excluding) 4.4.1-2.3ubuntu2.3
运行在以下环境
系统	ubuntu_22.10	isc-dhcp	*		Up to (excluding) 4.4.3-2ubuntu4

攻击路径

本地
攻击复杂度

复杂
权限要求

无需权限
影响范围

越权影响
EXP成熟度

未验证
补丁情况

官方补丁
数据保密性

数据泄露
数据完整性

无影响
服务器危害

无影响
全网数量

N/A

CWE-ID	漏洞类型
CWE-476	空指针解引用

中危 isc dhcp 空指针解引用

漏洞描述

解决建议

参考链接

受影响软件情况