FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2040c7f5-1e3a-11e8-8ae9-0050569f0b83isc-dhcp -- Multiple vulnerabilities

ISC reports:

Failure to properly bounds check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section.

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash.


Discovery 2018-02-21
Entry 2018-03-02
isc-dhcp44-server
lt 4.4.1

isc-dhcp44-client
lt 4.4.1

isc-dhcp43-server
le 4.3.6

isc-dhcp43-client
le 4.3.6

CVE-2018-5732
CVE-2018-5733
https://kb.isc.org/article/AA-01565
https://kb.isc.org/article/AA-01567
e24fb8f8-c39a-11eb-9370-b42e99a1b9c3isc-dhcp -- remotely exploitable vulnerability

Michael McNally reports:

Program code used by the ISC DHCP package to read and parse stored leases

has a defect that can be exploited by an attacker to cause one of several undesirable outcomes


Discovery 2021-05-26
Entry 2021-06-02
isc-dhcp44-relay
lt 4.4.2-P1

isc-dhcp44-server
lt 4.4.2-P1

isc-dhcp44-client
lt 4.4.2-P1

CVE-2021-25217
https://kb.isc.org/docs/cve-2021-25217