Home > Vulnerability Database > CVE-2015-8605

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2015-8605

Date: January 14, 2016

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

Language: C

Severity Score

6.5

Related Resources (16)

Url: https://access.redhat.com/security/cve/CVE-2015-8605

Url: https://security-tracker.debian.org/tracker/CVE-2015-8605

Url: http://www.securitytracker.com/id/1034657

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-8605

Url: http://www.debian.org/security/2016/dsa-3442

Url: http://www.securityfocus.com/bid/80703

Url: https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

Url: http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Url: http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html

Url: https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html

Url: http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html

Url: https://kb.isc.org/article/AA-01334

Url: http://www.ubuntu.com/usn/USN-2868-1

Url: https://www.mend.io/vulnerability-database/CVE-2015-8605

Severity Score

6.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.7
Access Vector (AV):	ADJACENT
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us