Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-5732

Опубликовано: 28 фев. 2018
Источник: redhat
CVSS3: 7.5

Описание

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5dhcpWill not fix
Red Hat Enterprise Linux 8dhcpNot affected
Red Hat Enterprise Linux 6dhcpFixedRHSA-2018:046909.03.2018
Red Hat Enterprise Linux 7dhcpFixedRHSA-2018:048312.03.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1549960dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-5732

CVSS3: 7.5
ubuntu
около 6 лет назад

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

nvd логотип

CVE-2018-5732

CVSS3: 7.5
nvd
около 6 лет назад

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

debian логотип

CVE-2018-5732

CVSS3: 7.5
debian
около 6 лет назад

Failure to properly bounds-check a buffer used for processing DHCP opt ...

github логотип

GHSA-j4cm-vph7-f7qg

github
больше 3 лет назад

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

fstec логотип

BDU:2018-00356

CVSS3: 9.1
fstec
почти 8 лет назад

Уязвимость сервера ISC DHCP, связанная с переполнением буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании или получить несанкционированный доступ к конфиденциальным данным

7.5 High

CVSS3