CVE-2013-2494

libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.

Published: Mar 28, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-2494
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:N/AC:H/Au:S/C:N/I:N/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
isc / dhcp	4.2.2-rc1	4.2.2-rc1.x
isc / dhcp	4.2.2-b1	4.2.2-b1.x
isc / dhcp	4.2.0-b2	4.2.0-b2.x
isc / dhcp	4.2.1	4.2.1.x
isc / dhcp	4.2.4-p1	4.2.4-p1.x
isc / dhcp	4.2.0-a2	4.2.0-a2.x
isc / dhcp	4.2.3-p1	4.2.3-p1.x
isc / dhcp	4.2.2	4.2.2.x
isc / dhcp	4.2.3-p2	4.2.3-p2.x
isc / dhcp	4.2.0-b1	4.2.0-b1.x
isc / dhcp	4.2.1-rc1	4.2.1-rc1.x
isc / dhcp	4.2.0-a1	4.2.0-a1.x
isc / dhcp	4.2.4	4.2.4.x
isc / dhcp	4.2.0	4.2.0.x
isc / dhcp	4.2.5	4.2.5.x
isc / dhcp	4.2.1-b1	4.2.1-b1.x
isc / dhcp	4.2.0-rc1	4.2.0-rc1.x
isc / dhcp	4.2.3	4.2.3.x
isc / dhcp	4.2.0-p1	4.2.0-p1.x

https://kb.isc.org/article/AA-00880/

Vulnerability Database

289,697

CVE-2013-2494