CVE-2012-3954

Description

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

How to fix CVE-2012-3954

To remediate CVE-2012-3954, upgrade the affected package to a fixed version below.

• Debian/isc-dhcp—upgrade to 4.2.4-2 or later

Is CVE-2012-3954 being exploited?

Low — EPSS is 4.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.2.4-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-3954