Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-5732

Опубликовано: 09 окт. 2019
Источник: debian
EPSS Низкий

Описание

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

Пакеты

ПакетСтатусВерсия исправленияРелизТип
isc-dhcpfixed4.3.5-3.1package

Примечания

  • https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

  • https://bugs.isc.org/Public/Bug/Display.html?id=47139

  • https://gitlab.isc.org/isc-projects/dhcp/-/commit/c5931725b48b121d232df4ba9e45bc41e0ba114d (4.4.1)

  • Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3

EPSS

Процентиль: 82%
0.01756
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-5732

CVSS3: 7.5
ubuntu
около 6 лет назад

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

redhat логотип

CVE-2018-5732

CVSS3: 7.5
redhat
больше 7 лет назад

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

nvd логотип

CVE-2018-5732

CVSS3: 7.5
nvd
около 6 лет назад

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

github логотип

GHSA-j4cm-vph7-f7qg

github
больше 3 лет назад

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

fstec логотип

BDU:2018-00356

CVSS3: 9.1
fstec
почти 8 лет назад

Уязвимость сервера ISC DHCP, связанная с переполнением буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании или получить несанкционированный доступ к конфиденциальным данным

EPSS

Процентиль: 82%
0.01756
Низкий