CVE-2014-7913

The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.

Published: Jul 30, 2015
Updated: Apr 13, 2023
CVE: CVE-2014-7913
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
dhcpcd_project / dhcpcd	-	6.9.0.x

http://www.securitytracker.com/id/1033124
https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0

Vulnerability Database

289,697

CVE-2014-7913