In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function optioncodehashlookup() is called from addoption(), it increases the option's refcount field. However, there is not a corresponding call to optiondereference() to decrement the refcount field. The function addoption() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
{
"unresolved_ranges": [
{
"vendor_product": "debian:debian_linux",
"extracted_events": [
{
"introduced": "10.0"
},
{
"last_affected": "10.0"
}
],
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
]
},
{
"vendor_product": "fedoraproject:fedora",
"extracted_events": [
{
"introduced": "35"
},
{
"last_affected": "35"
},
{
"introduced": "36"
},
{
"last_affected": "36"
},
{
"introduced": "37"
},
{
"last_affected": "37"
}
],
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"
]
}
]
}{
"extracted_events": [
{
"introduced": "4.4.0"
},
{
"last_affected": "4.4.3"
},
{
"introduced": "4.1-esv-r1"
},
{
"last_affected": "4.1-esv-r1"
},
{
"introduced": "4.1-esv-r10"
},
{
"last_affected": "4.1-esv-r10"
},
{
"introduced": "4.1-esv-r10_b1"
},
{
"last_affected": "4.1-esv-r10_b1"
},
{
"introduced": "4.1-esv-r10b1"
},
{
"last_affected": "4.1-esv-r10b1"
},
{
"introduced": "4.1-esv-r10_rc1"
},
{
"last_affected": "4.1-esv-r10_rc1"
},
{
"introduced": "4.1-esv-r10rc1"
},
{
"last_affected": "4.1-esv-r10rc1"
},
{
"introduced": "4.1-esv-r11"
},
{
"last_affected": "4.1-esv-r11"
},
{
"introduced": "4.1-esv-r11_b1"
},
{
"last_affected": "4.1-esv-r11_b1"
},
{
"introduced": "4.1-esv-r11b1"
},
{
"last_affected": "4.1-esv-r11b1"
},
{
"introduced": "4.1-esv-r11_rc1"
},
{
"last_affected": "4.1-esv-r11_rc1"
},
{
"introduced": "4.1-esv-r11rc1"
},
{
"last_affected": "4.1-esv-r11rc1"
},
{
"introduced": "4.1-esv-r11_rc2"
},
{
"last_affected": "4.1-esv-r11_rc2"
},
{
"introduced": "4.1-esv-r11rc2"
},
{
"last_affected": "4.1-esv-r11rc2"
},
{
"introduced": "4.1-esv-r12"
},
{
"last_affected": "4.1-esv-r12"
},
{
"introduced": "4.1-esv-r12\\-p1"
},
{
"last_affected": "4.1-esv-r12\\-p1"
},
{
"introduced": "4.1-esv-r12_b1"
},
{
"last_affected": "4.1-esv-r12_b1"
},
{
"introduced": "4.1-esv-r12_p1"
},
{
"last_affected": "4.1-esv-r12_p1"
},
{
"introduced": "4.1-esv-r12b1"
},
{
"last_affected": "4.1-esv-r12b1"
},
{
"introduced": "4.1-esv-r13"
},
{
"last_affected": "4.1-esv-r13"
},
{
"introduced": "4.1-esv-r13_b1"
},
{
"last_affected": "4.1-esv-r13_b1"
},
{
"introduced": "4.1-esv-r13b1"
},
{
"last_affected": "4.1-esv-r13b1"
},
{
"introduced": "4.1-esv-r14"
},
{
"last_affected": "4.1-esv-r14"
},
{
"introduced": "4.1-esv-r14_b1"
},
{
"last_affected": "4.1-esv-r14_b1"
},
{
"introduced": "4.1-esv-r14b1"
},
{
"last_affected": "4.1-esv-r14b1"
},
{
"introduced": "4.1-esv-r15"
},
{
"last_affected": "4.1-esv-r15"
},
{
"introduced": "4.1-esv-r15\\-p1"
},
{
"last_affected": "4.1-esv-r15\\-p1"
},
{
"introduced": "4.1-esv-r15_b1"
},
{
"last_affected": "4.1-esv-r15_b1"
},
{
"introduced": "4.1-esv-r16"
},
{
"last_affected": "4.1-esv-r16"
},
{
"introduced": "4.1-esv-r16\\-p1"
},
{
"last_affected": "4.1-esv-r16\\-p1"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*",
"cpe:2.3:a:isc:dhcp:4.1-esv:r16-p1:*:*:*:*:*:*"
]
}