VIR Vulnerability Intelligence Relay

CVE-2012-3954

low
Published 2012-07-25 · Modified 2026-04-29
CVSS v3
CVSS v2
3.3
VIR risk
3.3

Description

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-3954

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kb.isc.org/article/AA-00737

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed4.2.4-2
debian debianbullseyefixed4.2.4-2
debian debiansidfixed4.2.4-2
debian debiantrixiefixed4.2.4-2
debian debian6.0affected
debian debian7.0affected
ubuntu ubuntu11.04affected
ubuntu ubuntu11.10affected
ubuntu ubuntu12.04affected

Application impact
VendorProductVersionsFixed
iscdhcp4.1.0
iscdhcp4.1.1
iscdhcp4.1.2
iscdhcp4.2.0
iscdhcp4.2.1
iscdhcp4.2.2
iscdhcp4.2.3
iscdhcp4.2.4
iscdhcp4.1-esv

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.