CVE-2014-7912

Name: CVE-2014-7912

Description: The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

References: DLA-506-1

Vulnerable and fixed packages

The table below lists information on source packages.

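| Source Package | Release | Version | Status |
|---|---|---|---|
| dhcpcd5 (PTS) | jessie, jessie (lts) | 6.0.5-2+deb8u1 | vulnerable |
| dhcpcd5 | stretch (lts), stretch | 6.10.1-1+deb9u1 | fixed |
| dhcpcd5 | buster, bullseye | 7.1.0-2 | fixed |
| dhcpcd5 | bookworm | 9.4.1-24~deb12u4 | fixed |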

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| dhcpcd5 | source | wheezy | 5.5.6-1+deb7u2 | | DLA-506-1 | |
| dhcpcd5 | source | (unstable) | 6.9.1-1 | | | |

Notes

[jessie] - dhcpcd5 <no-dsa> (Minor issue)
https://dev.marples.name/rDHCc204b018d1cfe740fb3179532070ae10fe34aaf3
