CVE-2016-1503

Published: 18/04/2016 | Updated: 10/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

dhcpcd prior to 6.10.0, as used in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, and 6.x prior to 2016-04-01 and other products, mismanages option lengths, which allows remote malicious users to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.

Vulnerable Product

dhcpcd project dhcpcd

google android 4.4.3

google android 4.4.2

google android 4.2

google android 4.1.2

google android 4.1

google android 5.0.1

google android 5.0

google android 4.2.2

google android 4.2.1

google android 4.0

google android 6.0.1

google android 6.0

google android 4.4.1

google android 4.4

google android 4.0.4

google android 4.0.3

google android 5.1.0

google android 5.1

google android 4.3.1

google android 4.3

google android 4.0.2

google android 4.0.1

Vendor Advisories

Debian Bug report logs - #810621 dhcpcd5: CVE-2016-1503: heap overflow via malformed dhcp responses in print_option (via dhcp_envoption1) due to incorrect option length values. Package: src:dhcpcd5; Maintainer for src:dhcpcd5 is Scott Leggett <scott@sl.id.au>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: ...
Debian Bug report logs - #810620 dhcpcd5: CVE-2016-1504: invalid read/crash via malformed dhcp responses. Package: src:dhcpcd5; Maintainer for src:dhcpcd5 is Scott Leggett <scott@sl.id.au>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 10 Jan 2016 16:27:02 UTC; Severity: important; Tags: fixed-upstrea ...
A potential security vulnerability has been identified with certain HP printers. This vulnerability could potentially be exploited to execute arbitrary code or create a denial of service. Note: This vulnerability was detected in specific versions of a 3rd party product that is embedded within some HP printers. This bulletin notifies HP customers ...