FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
df587aa2-b5a5-11e5-9728-002590263bf5dhcpcd -- multiple vulnerabilities

Nico Golde reports:

heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. Exploitation is non-trivial, but I'd love to be proven wrong.

invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can judge.


Discovery 2016-01-04
Entry 2016-01-08
dhcpcd
< 6.10.0

CVE-2016-1503
CVE-2016-1504
ports/206015
http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30
http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403
http://www.openwall.com/lists/oss-security/2016/01/07/3
6ec9f210-0404-11e6-9aee-bc5ff4fb5ea1dhcpcd -- remote code execution/denial of service

MITRE reports:

The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.


Discovery 2016-01-22
Entry 2016-04-17
dhcpcd
< 6.10.2

CVE-2014-7913
ports/208702
http://roy.marples.name/projects/dhcpcd/info/528541c4c619520e