{"id":"CVE-2022-2928","details":"In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.","modified":"2026-04-16T04:38:33.104452343Z","published":"2022-10-07T05:15:08.677Z","related":["ALSA-2023:2502","ALSA-2023:3000","SUSE-SU-2022:3991-1","SUSE-SU-2022:3992-1","openSUSE-SU-2024:12390-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-22"},{"type":"ADVISORY","url":"https://kb.isc.org/docs/cve-2022-2928"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/dhcp","events":[{"introduced":"075a2f45da9a3194c9ea2c72b2167d9bb5bd0c21"},{"last_affected":"33226f2d76b6b7a06df6b76abbb3526100f5ae2d"},{"introduced":"0"},{"last_affected":"9f35323a8abe2ed4bc567b2b2613fc3ef9254e8f"},{"introduced":"0"},{"last_affected":"2d5ca865b7268d2f60a485c9a50f96b7890dd51f"},{"introduced":"0"},{"last_affected":"c4a3c3ee213715ff5a3f6255001148e333029741"},{"introduced":"0"},{"last_affected":"f10f02aa92b38606897523e19ad090fc0464a955"},{"introduced":"0"},{"last_affected":"c4a3c3ee213715ff5a3f6255001148e333029741"},{"introduced":"0"},{"last_affected":"f10f02aa92b38606897523e19ad090fc0464a955"},{"introduced":"0"},{"last_affected":"a05db3d943208ab168a9aba9117706bb58baea7c"},{"introduced":"0"},{"last_affected":"dda169525b6109935c76d2a7f0c479ff4fda0e82"},{"introduced":"0"},{"last_affected":"4f5c8255511e3600288eddfa6a4e594fde107458"},{"introduced":"0"},{"last_affected":"2a00efe8700df8bfd11881fdabeb18f33e8d9fe6"},{"introduced":"0"},{"last_affected":"dda169525b6109935c76d2a7f0c479ff4fda0e82"},{"introduced":"0"},{"last_affected":"4f5c8255511e3600288eddfa6a4e594fde107458"},{"introduced":"0"},{"last_affected":"2a00efe8700df8bfd11881fdabeb18f33e8d9fe6"},{"introduced":"0"},{"last_affected":"331193dd54344dc74ca1987797d99bb57ba277fe"},{"introduced":"0"},{"last_affected":"240d9b62e137cad28a08893326ab66d4cd7bbb89"},{"introduced":"0"},{"last_affected":"240d9b62e137cad28a08893326ab66d4cd7bbb89"},{"introduced":"0"},{"last_affected":"240d9b62e137cad28a08893326ab66d4cd7bbb89"},{"introduced":"0"},{"last_affected":"240d9b62e137cad28a08893326ab66d4cd7bbb89"},{"introduced":"0"},{"last_affected":"f0bd8bdff79188c900a31e763377eb1d25e80eb0"},{"introduced":"0"},{"last_affected":"3a1078b6d1292305c9e784cdce97d9ae6934cc01"},{"introduced":"0"},{"last_affected":"3a1078b6d1292305c9e784cdce97d9ae6934cc01"},{"introduced":"0"},{"last_affected":"3709b7fc844ab8384ba40a1be3cf7916168423e1"},{"introduced":"0"},{"last_affected":"54ec15cba2c5157bedf45cae9d062814e75e928e"},{"introduced":"0"},{"last_affected":"54ec15cba2c5157bedf45cae9d062814e75e928e"},{"introduced":"0"},{"last_affected":"8423b4587ea3eef2a55b9ab693c828d46e238f0a"},{"introduced":"0"},{"last_affected":"efaedc0d804d0c9ff0a798b677b838a79e2de52f"},{"introduced":"0"},{"last_affected":"efaedc0d804d0c9ff0a798b677b838a79e2de52f"},{"introduced":"0"},{"last_affected":"5a35af42ed56626997e03986aacbfa6c394c5a8d"},{"introduced":"0"},{"last_affected":"48e431b9f0e0058453387810a3878491c6e879ee"}],"database_specific":{"versions":[{"introduced":"4.4.0"},{"last_affected":"4.4.3"},{"introduced":"0"},{"last_affected":"4.1-esv-r1"},{"introduced":"0"},{"last_affected":"4.1-esv-r10"},{"introduced":"0"},{"last_affected":"4.1-esv-r10_b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r10_rc1"},{"introduced":"0"},{"last_affected":"4.1-esv-r10b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r10rc1"},{"introduced":"0"},{"last_affected":"4.1-esv-r11"},{"introduced":"0"},{"last_affected":"4.1-esv-r11_b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r11_rc1"},{"introduced":"0"},{"last_affected":"4.1-esv-r11_rc2"},{"introduced":"0"},{"last_affected":"4.1-esv-r11b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r11rc1"},{"introduced":"0"},{"last_affected":"4.1-esv-r11rc2"},{"introduced":"0"},{"last_affected":"4.1-esv-r12"},{"introduced":"0"},{"last_affected":"4.1-esv-r12\\-p1"},{"introduced":"0"},{"last_affected":"4.1-esv-r12_b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r12_p1"},{"introduced":"0"},{"last_affected":"4.1-esv-r12b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r13"},{"introduced":"0"},{"last_affected":"4.1-esv-r13_b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r13b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r14"},{"introduced":"0"},{"last_affected":"4.1-esv-r14_b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r14b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r15"},{"introduced":"0"},{"last_affected":"4.1-esv-r15\\-p1"},{"introduced":"0"},{"last_affected":"4.1-esv-r15_b1"},{"introduced":"0"},{"last_affected":"4.1-esv-r16"},{"introduced":"0"},{"last_affected":"4.1-esv-r16\\-p1"}]}}],"versions":["BCTEL_SPECIAL_19991124","DHCP-970305","DHCP-970305A","DHCP-970328","DHCP-970329","DHCP-970602","DHCP-970607","DHCP-970609","DHCP-971122","DHCP-971202","DHCP_970226A","DHCPv6_parsing_base","HEAD-MERGE-V3-0-3RC1","HEAD-MERGE-V3-0-3RC1_base","NetBSD_1_3_Alpha","V3-ALPHA-19990315","V3-ALPHA-19990326","V3-ALPHA-19990329","V3-ALPHA-19990329A","V3-ALPHA-19990330","V3-ALPHA-19990408","V3-ALPHA-19990412","V3-ALPHA-19990423","V3-ALPHA-19990424","V3-ALPHA-19990506","V3-ALPHA-19990507","V3-ALPHA-19990527","V3-ALPHA-19990608","V3-BETA-1-PATCH-0","V3-BETA-2-PATCH-1","V3-BETA-2-PATCH-10","V3-BETA-2-PATCH-11","V3-BETA-2-PATCH-12","V3-BETA-2-PATCH-13","V3-BETA-2-PATCH-14","V3-BETA-2-PATCH-15","V3-BETA-2-PATCH-16","V3-BETA-2-PATCH-18","V3-BETA-2-PATCH-19","V3-BETA-2-PATCH-2","V3-BETA-2-PATCH-20","V3-BETA-2-PATCH-21","V3-BETA-2-PATCH-22","V3-BETA-2-PATCH-23","V3-BETA-2-PATCH-24","V3-BETA-2-PATCH-4","V3-BETA-2-PATCH-7","V3-BETA-2-PATCH-8","V3-BETA-2-PATCH-9","V3-RC1","V3-RC2-PATCH-1","V3-RC3","V3_RC4","carrel-2","list","v4_0_0a1","v4_0_0a2","v4_0_0a3","v4_0_0b1","v4_0_0b2","v4_0_0b3","v4_0_0rc1","v4_1_0","v4_1_0a1","v4_1_0a2","v4_1_0b1","v4_1_0rc1","v4_1_1","v4_1_1b1","v4_1_1b2","v4_1_1b3","v4_1_1rc1","v4_1_2","v4_1_2b1","v4_1_2rc1","v4_1_esv_R4_Oracle","v4_1_esv_r0","v4_1_esv_r1","v4_1_esv_r10","v4_1_esv_r10b1","v4_1_esv_r10rc1","v4_1_esv_r11","v4_1_esv_r11b1","v4_1_esv_r11rc1","v4_1_esv_r11rc2","v4_1_esv_r12","v4_1_esv_r12b1","v4_1_esv_r13","v4_1_esv_r13b1","v4_1_esv_r14","v4_1_esv_r14b1","v4_1_esv_r15","v4_1_esv_r15b1","v4_1_esv_r16","v4_1_esv_r16b1","v4_1_esv_r16b1_f1","v4_1_esv_r2","v4_1_esv_r3","v4_1_esv_r4","v4_1_esv_r5","v4_1_esv_r5b1","v4_1_esv_r5rc1","v4_1_esv_r5rc2","v4_1_esv_r6","v4_1_esv_r7","v4_1_esv_r8","v4_1_esv_r8b1","v4_1_esv_r8rc1","v4_1_esv_r9","v4_1_esv_r9b1","v4_1_esv_r9rc1","v4_4_0","v4_4_0_f1","v4_4_1","v4_4_1_f1","v4_4_2","v4_4_2_f1","v4_4_2b1","v4_4_2b1_f1","v4_4_2b1_f2","v4_4_3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2928.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}