CVE-2021-25217

NameCVE-2021-25217
DescriptionIn ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 ( ...
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2674-1, ELA-439-1
Debian Bugs989157

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
isc-dhcp (PTS)jessie, jessie (lts)4.3.1-6+deb8u5fixed
stretch4.3.5-3+deb9u1vulnerable
stretch (security)4.3.5-3+deb9u2fixed
buster4.4.1-2+deb10u1fixed
sid, bullseye4.4.1-2.3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
isc-dhcpsourcejessie4.3.1-6+deb8u5ELA-439-1
isc-dhcpsourcestretch4.3.5-3+deb9u2DLA-2674-1
isc-dhcpsourcebuster4.4.1-2+deb10u1
isc-dhcpsource(unstable)4.4.1-2.3989157

Notes

https://kb.isc.org/docs/cve-2021-25217
https://www.openwall.com/lists/oss-security/2021/05/26/6
https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches/4.4.2.CVE-2021-25217.patch

Search for package or bug name: Reporting problems