exploitDog

CVE-2018-5733

Published: 28 Feb 2018
Source: redhat
CVSS3: 5.9
EPSS: Medium

Description

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. A malicious DHCP client could use this flaw to trigger a reference count overflow on the server side, potentially causing dhcpd to crash, by sending large amounts of traffic.

Affected packages

| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | dhcp | Will not fix | | |
| Red Hat Enterprise Linux 8 | dhcp | Not affected | | |
| Red Hat Enterprise Linux 6 | dhcp | Fixed | RHSA-2018:0469 | 09.03.2018 |
| Red Hat Enterprise Linux 7 | dhcp | Fixed | RHSA-2018:0483 | 12.03.2018 |

Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1549961 dhcp: Reference count overflow in dhcpd allows denial of service

EPSS: 0.29144 (Medium), percentile: 96%

CVSS3: 5.9 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 7 years ago

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

CVSS3: 7.5
nvd
almost 7 years ago

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

CVSS3: 7.5
debian
almost 7 years ago

A malicious client which is allowed to send very large amounts of traf ...

CVSS3: 7.5
github
more than 3 years ago

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

CVSS3: 7.5
fstec
almost 8 years ago

A vulnerability in the dhcpd DHCP server caused by the possibility of overflowing a 32-bit reference counter, allowing a denial of service of the server
