{"id":"CVE-2020-13529","details":"An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.","modified":"2026-04-16T00:08:44.530406889Z","published":"2021-05-10T16:15:07.373Z","related":["ALSA-2021:4361","SUSE-SU-2021:2809-1","openSUSE-SU-2021:2809-1","openSUSE-SU-2024:10602-1","openSUSE-SU-2024:11420-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/08/04/2"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/08/17/3"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/09/07/3"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-48"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210625-0005/"},{"type":"EVIDENCE","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/systemd/systemd","events":[{"introduced":"0"},{"last_affected":"ea500ac513cf51bcb79a5666f1519499d029428f"},{"last_affected":"47675042c2622b96590c89d610b529e09099ce26"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"245-NA"},{"last_affected":"33"}],"cpe":["cpe:2.3:a:systemd_project:systemd:245:-:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}}],"versions":["v1","v10","v11","v12","v13","v14","v15","v16","v17","v18","v183","v184","v185","v186","v187","v188","v189","v19","v190","v191","v192","v193","v194","v195","v196","v197","v198","v199","v2","v20","v200","v201","v202","v203","v204","v205","v206","v207","v208","v209","v21","v210","v211","v212","v213","v214","v215","v216","v217","v218","v219","v22","v220","v221","v222","v223","v224","v225","v226","v227","v228","v229","v23","v230","v231","v232","v233","v234","v235","v236","v237","v238","v239","v24","v240","v241","v241-rc1","v241-rc2","v242","v242-rc1","v242-rc2","v242-rc3","v242-rc4","v243","v243-rc1","v243-rc2","v244","v244-rc1","v245","v245-rc1","v245-rc2","v25","v26","v27","v28","v29","v3","v30","v31","v32","v33","v34","v35","v36","v37","v38","v39","v4","v40","v41","v42","v43","v44","v5","v6","v7","v8","v9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13529.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}]}