CVE-2012-3570: An Error in the Handling of an Unexpected Client Identifiers can Cause Server Crash When Serving DHCPv6


Title:  An error in the handling of an unexpected client identifiers can cause a server crash when serving DHCPv6.

Document Version:          2.1
Posting date: 
24 Jul 2012
Program Impacted: 
Versions affected: 
4.2.0 --> 4.2.4
From adjacent networks


An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. 

In order to exploit this condition, an attacker must be able to send requests to the DHCP server.


Causes the server process to crash when a buffer overflows, resulting in a denial of service.  NOTE: DHCP versions 4.0 -->4.1.x are NOT impacted.

CVSS Score: 6.1

CVSS Equation:  (AV:A/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit



Active exploits: 

None known at this time.

Upgrade affected systems to DHCP 4.2.4-P1

DHCP 4.2.4-P1 is available from

Markus Hietava of Codenomicon CROSS project for finding the vulnerability, and CERT-FI for vulnerability coordination.

Document Revision History:

1.0 - 03 July 2012 - Phase I notified
1.1 - 13 July 2012 HOLD notice sent to Phase 1 regarding new CVE being added and new public release date
1.2 - 23 July 2012 Phase 2 & 3 notified
2.0 - 24 July 2012 Phase 4-Public release
2.1 - 30 July 2012 Added Chinese Translation


This security advisory is also located in our KnowledgeBase:

Note: ISC patches only Currently supported versions. When possible we indicate EOL versions affected.

If you'd like more information on our Forum or BIND/DHCP support please visit or