Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2025-1331)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.2.2025.1331

Kategorie: Huawei EulerOS Local Security Checks

Titel: Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2025-1331)

Zusammenfassung: The remote host is missing an update for the Huawei EulerOS 'dhcp' package(s) announced via the EulerOS-SA-2025-1331 advisory.

Beschreibung: Summary:
The remote host is missing an update for the Huawei EulerOS 'dhcp' package(s) announced via the EulerOS-SA-2025-1331 advisory.

Vulnerability Insight:
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size, depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key, only network access to the control channel's configured TCP port is necessary. (CVE-2023-3341)

Affected Software/OS:
'dhcp' package(s) on Huawei EulerOS V2.0SP13(x86_64).

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-3341
Debian Security Information: DSA-5504 (Google Search)
https://www.debian.org/security/2023/dsa-5504
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/
CVE-2023-3341
https://kb.isc.org/docs/cve-2023-3341
https://lists.debian.org/debian-lts-announce/2024/01/msg00021.html
http://www.openwall.com/lists/oss-security/2023/09/20/2

Copyright Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2025.1331
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2025-1331)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'dhcp' package(s) announced via the EulerOS-SA-2025-1331 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'dhcp' package(s) announced via the EulerOS-SA-2025-1331 advisory. Vulnerability Insight: The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size, depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key, only network access to the control channel's configured TCP port is necessary. (CVE-2023-3341) Affected Software/OS: 'dhcp' package(s) on Huawei EulerOS V2.0SP13(x86_64). Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-3341 Debian Security Information: DSA-5504 (Google Search) https://www.debian.org/security/2023/dsa-5504 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/ CVE-2023-3341 https://kb.isc.org/docs/cve-2023-3341 https://lists.debian.org/debian-lts-announce/2024/01/msg00021.html http://www.openwall.com/lists/oss-security/2023/09/20/2
Copyright	Copyright (C) 2025 Greenbone AG