Back to CVE Browser

CVE-2009-0692

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1440%

EPSS Percentile37.38th

PublishedJul 14, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.

Affected Platforms (CPE)

📦

Isc

Dhcp

= 2.0

📦

Isc

Dhcp

= 3.0

📦

Isc

Dhcp

= 3.1

📦

Isc

Dhcp

= 4.0

📦

Isc

Dhcp

= 4.1.0

References & Advisories

🔗 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc

🔗 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083

🔗 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html

🔗 http://secunia.com/advisories/35785

🔗 http://secunia.com/advisories/35829

🔗 http://secunia.com/advisories/35830

🔗 http://secunia.com/advisories/35831

🔗 http://secunia.com/advisories/35832

Related Vulnerabilities

CVE-2001-018110.0

Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execut...

CVE-2000-058510.0

ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.

CVE-1999-081410.0

Red Hat pump DHCP client allows remote attackers to gain root access in some configurations.

CVE-2002-070210.0

Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, wit...