How severe is CVE-2021-34737?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-34737?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2021-34737 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload.

Related Vulnerabilities

CVE-1999-0052

HIGH

CVSS:7.5(High)

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

CWE-4761999

CVE-2002-0401

HIGH

CVSS:7.5(High)

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL point...

CWE-4762002

CVE-2002-1912

HIGH

CVSS:7.5(High)

SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exceptio...

CWE-4762002

CVE-2003-1000

HIGH

CVSS:7.5(High)

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.

CWE-4762003

CVE-2003-1013

HIGH

CVSS:7.5(High)

The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.

CWE-4762003

CVE-2004-0079

HIGH

CVSS:7.5(High)

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null ...

CWE-4762004