CVE-2011-4539

Name: CVE-2011-4539
Creator: NVD / NIST
Published: 2011-12-08T11:55:02.407+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 15.48%

Last modified Jun 16, 2026

CVE-2011-4539 is a vulnerability of currently unknown severity. dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.. EPSS estimates a 15.48% chance of exploitation in the next 30 days.

Description

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.

Metrics

EPSS Probability

15.48%

96.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions	Update
Isc	Dhcp	4.0	—
Isc	Dhcp	4.0.0	—
Isc	Dhcp	4.0.1	—
Isc	Dhcp	4.0.2	—
Isc	Dhcp	4.0.3	—
Isc	Dhcp	4.1.1	B3
Isc	Dhcp	4.1.2	—
Isc	Dhcp	4.2.0	—
Isc	Dhcp	4.2.1	—
Isc	Dhcp	4.2.2	—
Isc	Dhcp	4.2.3	—
Isc	Dhcp	4.1-esv	—
Canonical	Ubuntu Linux	11.04	—
Canonical	Ubuntu Linux	11.10	—
Debian	Debian Linux	6.0	—
Debian	Debian Linux	7.0	—

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.htmlMailing List, Third Party Advisory
http://secunia.com/advisories/47153Third Party Advisory
http://secunia.com/advisories/47178Third Party Advisory
http://security.gentoo.org/glsa/glsa-201301-06.xmlThird Party Advisory
http://www.debian.org/security/2012/dsa-2519Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:182Third Party Advisory
http://www.securityfocus.com/bid/50971Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1026393Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-1309-1Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71680Third Party Advisory, VDB Entry
https://www.isc.org/software/dhcp/advisories/cve-2011-4539Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.htmlMailing List, Third Party Advisory
http://secunia.com/advisories/47153Third Party Advisory
http://secunia.com/advisories/47178Third Party Advisory
http://security.gentoo.org/glsa/glsa-201301-06.xmlThird Party Advisory
http://www.debian.org/security/2012/dsa-2519Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:182Third Party Advisory
http://www.securityfocus.com/bid/50971Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1026393Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-1309-1Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71680Third Party Advisory, VDB Entry
https://www.isc.org/software/dhcp/advisories/cve-2011-4539Vendor Advisory

Timeline

Published: Dec 8, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-4539?

How severe is CVE-2011-4539?

Severity scoring for CVE-2011-4539 is pending analysis. The EPSS model estimates a 15.48% probability of exploitation in the next 30 days.

How do I fix CVE-2011-4539?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-4539?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST