CVE-2015-8605
Severity: Unknown | EPSS: 76.45%
Last modified
CVE-2015-8605 is a vulnerability of currently unknown severity. ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. EPSS estimates a 76.45% chance of exploitation in the next 30 days.
Description
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sophos | Unified Threat Management Up2date | <= 9.318 |
| Sophos | Unified Threat Management Up2date | <= 9.353 |
| ISC | DHCP | 4.0.0 |
| ISC | DHCP | 4.0.1 |
| ISC | DHCP | 4.0.2 |
| ISC | DHCP | 4.0.3 |
| ISC | DHCP | 4.1-esv |
| ISC | DHCP | 4.1.0 |
| ISC | DHCP | 4.1.1 |
| ISC | DHCP | 4.1.2 |
| ISC | DHCP | 4.2.0 |
| ISC | DHCP | 4.2.1 |
| ISC | DHCP | 4.2.2 |
| ISC | DHCP | 4.2.3 |
| ISC | DHCP | 4.2.4 |
| ISC | DHCP | 4.2.5 |
| ISC | DHCP | 4.2.6 |
| ISC | DHCP | 4.2.7 |
| ISC | DHCP | 4.2.8 |
| ISC | DHCP | 4.3.0 |
| ISC | DHCP | 4.3.1 |
| ISC | DHCP | 4.3.2 |
| ISC | DHCP | 4.3.3 |
| Debian | Debian Linux | 7.0 |
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 15.04 |
| Canonical | Ubuntu Linux | 15.10 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html (Mailing List, Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html (Mailing List, Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3442 (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html (Third Party Advisory)
- http://www.securityfocus.com/bid/80703 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1034657 (Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/USN-2868-1 (Third Party Advisory)
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ (Third Party Advisory)
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ (Third Party Advisory)
- https://kb.isc.org/article/AA-01334 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-8605?
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
How severe is CVE-2015-8605?
Severity scoring for CVE-2015-8605 is pending analysis. The EPSS model estimates a 76.45% probability of exploitation in the next 30 days.
How do I fix CVE-2015-8605?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
