{
  "threat_severity" : "Moderate",
  "public_date" : "2016-01-12T00:00:00Z",
  "bugzilla" : {
    "description" : "dhcp: UDP payload length not properly checked",
    "id" : "1297314",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1297314"
  },
  "cvss" : {
    "cvss_base_score" : "2.9",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "draft"
  },
  "cwe" : "CWE-190->CWE-125",
  "details" : [ "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet." ],
  "statement" : "Red Hat does not plan to address this issue in the dhcp packages shipped with Red Hat Enterprise Linux 5, 6, or 7, because the problem cannot be triggered with those packages. For further technical details, refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1297314#c5",
  "acknowledgement" : "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Sebastian Poehn (Sophos) as the original reporter.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "dhcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "dhcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "dhcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-8605\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8605\nhttps://kb.isc.org/article/AA-01334" ],
  "name" : "CVE-2015-8605",
  "csaw" : false
}