CVE-2022-2928 In ISC DHCP 4.4.0 to 4.4.3, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field.

When this is occurring, a lease cannot be issued, and an error message will be logged. When this issue occurs, users will see an error message similar to the following: Invalid option number 1337 in data option_data_hash_lookup() was called. However, there is no corresponding call to option_dereference() to decrement the refcount field. The fix for this issue is to call option_dereference() for each option that gets increased in the function option_data_hash_lookup() during the function add_option(). This is done by changing the code in function add_option() to the following: option_data_hash_lookup(i, data); if (option_dereference(i)) { /* option_dereference() does not exist, so no change */ } else { option_dereference(i); } The fix for this issue has been applied to the ISC DHCP 4.4-ESV-R1 release and will be applied to future releases.

CVE-2023-2933

When this occurs, a lease cannot be issued, and an error message will be logged. When this issue occurs, users will see an error message similar to the following: Invalid option number 1337 in data option_data_hash_lookup() was called. However, there is no corresponding call to option_dereference() to decrement the refcount field. The fix for this issue is to call option_dereference() for each option that gets increased in the function option_data_hash_lookup() during the function add_option(). This is done by changing the code in function add_option() to the following: if (option_dereference(i)) { /* option_dereference() does not exist, so no change */ } else { if (option_dereference(j)) { /* option_dereference() exists but its value is 1 */ } else { *(_DWORD *)(i + 1) = *(_DWORD *)(j + 1); } } The fix for this issue has been applied to the ISC DHCP 4.4-ESV-R1 release and will be applied to future releases.

DHCP Options: A DHCP 4.4 Feature

DHCP Options is a new feature in the ISC DHCP 4.4 release that improves the performance and reliability of DHCP configurations. This feature significantly reduces the amount of network traffic generated by options negotiation and allows for the use of the JUNOS DHCP server as a relay agent on multi-homed systems.
DHCP Options can be enabled or disabled globally by using the configuration command: configure dhcp-options { disable | enable } dhcp-options
To control which options are allowed/disabled, you can specify individual option numbers with a list of specific options to disable them.

CVE-2019-1581

When this is occurring, a lease cannot be issued, and an error message will be logged. When this issue occurs, users will see an error message similar to the following: Invalid option number 1337 in data option_data_hash_lookup() was called. However, there is no corresponding call to option_dereference() to decrement the refcount field. The fix for this issue is to call option_dereference() for each option that gets increased in the function option_data_hash_lookup() during the function add_option(). This is done by changing the code in function add_option() to the following: option_data_hash_lookup(i, data); if (option_dereference(i)) { /* option_dereference() does not exist, so no change */ } else { option_dereference(i); } The fix for this issue has been applied to the ISC DHCP 4.4-ESV-R1 release and will be applied to future releases.

Timeline

Published on: 10/07/2022 05:15:00 UTC
Last modified on: 11/28/2022 18:09:00 UTC

References