CVE-2012-3571

ISC DHCP 4.1.2-4.2.4 and 4.1-ESV < R6 - Denial of Service via Malformed Client Identifier

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3571. PoCs published by Markus Hietava.

AI-analyzed exploit summary This exploit sends a malformed DHCP request packet with a zero-length client name to trigger a denial-of-service condition in ISC DHCP servers. The packet causes an infinite loop and high CPU consumption, leading to a crash.

Description

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Markus Hietava · pythondoslinux

https://www.exploit-db.com/exploits/37538

View Code ZIP pw:eip

This exploit sends a malformed DHCP request packet with a zero-length client name to trigger a denial-of-service condition in ISC DHCP servers. The packet causes an infinite loop and high CPU consumption, leading to a crash.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: ISC DHCP 4.1.2 to 4.2.4 and 4.1-ESV to 4.1-ESV-R6

No auth needed

Prerequisites: Network access to the target DHCP server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Vendor Advisory x_refsource_confirm

https://kb.isc.org/article/AA-00712

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2012/dsa-2516

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2012-1141.html

Third Party Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2012:116

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html

Third Party Advisory x_refsource_confirm

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

Third Party Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2012:115

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2012/dsa-2519

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1519-1

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201301-06.xml

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2012-1140.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/54665

Scores

EPSS 0.1298

EPSS Percentile 95.8%

Details

CWE

CWE-119

Status published

Products (12)

canonical/ubuntu_linux 11.04

canonical/ubuntu_linux 11.10

canonical/ubuntu_linux 12.04

debian/debian_linux 6.0

debian/debian_linux 7.0

isc/dhcp 4.1.2

isc/dhcp 4.2.0 (7 CPE variants)

isc/dhcp 4.2.1 (3 CPE variants)

isc/dhcp 4.2.2 (3 CPE variants)

isc/dhcp 4.2.3 (3 CPE variants)

... and 2 more

Published Jul 25, 2012

Tracked Since Feb 18, 2026