CVE-2020-13529

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.

References

Affected packages

Git / github.com/systemd/systemd

Affected ranges

Type

GIT

Repo

https://github.com/systemd/systemd

Events

Introduced

Last affected

ea500ac513cf51bcb79a5666f1519499d029428f

Last affected

47675042c2622b96590c89d610b529e09099ce26

Database specific

{
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:systemd_project:systemd:245:-:*:*:*:*:*:*",
        "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "245-NA"
        },
        {
            "last_affected": "33"
        }
    ]
}

Affected versions

Other

v10

v11

v12

v13

v14

v15

v16

v17

v18

v183

v184

v185

v186

v187

v188

v189

v19

v190

v191

v192

v193

v194

v195

v196

v197

v198

v199

v20

v200

v201

v202

v203

v204

v205

v206

v207

v208

v209

v21

v210

v211

v212

v213

v214

v215

v216

v217

v218

v219

v22

v220

v221

v222

v223

v224

v225

v226

v227

v228

v229

v23

v230

v231

v232

v233

v234

v235

v236

v237

v238

v239

v24

v240

v241

v241-rc1

v241-rc2

v242

v242-rc1

v242-rc2

v242-rc3

v242-rc4

v243

v243-rc1

v243-rc2

v244

v244-rc1

v245

v245-rc1

v245-rc2

v25

v26

v27

v28

v29

v30

v31

v32

v33

v34

v35

v36

v37

v38

v39

v40

v41

v42

v43

v44

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13529.json"