dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| phystech | dhcpcd | 1.3.17_pl2 |
| phystech | dhcpcd | 1.3.22_pl1 |
The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| phystech | dhcpcd | 1.3.17_pl2 |