CVE-2014-7913
EPSS 0.81%
Description
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.
How to fix CVE-2014-7913
To remediate CVE-2014-7913, upgrade the affected package to a fixed version below.
- Debian/dhcpcd5—upgrade to 7.0.8-0.1 or later
Is CVE-2014-7913 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 7.0.8-0.1