Lucene search

[email protected]NVD:CVE-2017-3144

HistoryJan 16, 2019 - 8:29 p.m.

CVE-2017-3144

2019-01-1620:29:00

CWE-400

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.144 Low

EPSS

Percentile

95.8%

JSON

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

Affected configurations

NVD

Node

iscdhcpRange4.2.0–4.2.8

iscdhcpRange4.3.0–4.3.6

iscdhcpMatch4.1-esv-

iscdhcpMatch4.1-esvr1

iscdhcpMatch4.1-esvr10

iscdhcpMatch4.1-esvr10_b1

iscdhcpMatch4.1-esvr10_rc1

iscdhcpMatch4.1-esvr11

iscdhcpMatch4.1-esvr11_b1

iscdhcpMatch4.1-esvr11_rc1

iscdhcpMatch4.1-esvr11_rc2

iscdhcpMatch4.1-esvr12

iscdhcpMatch4.1-esvr12_b1

iscdhcpMatch4.1-esvr12_p1

iscdhcpMatch4.1-esvr13

iscdhcpMatch4.1-esvr13_b1

iscdhcpMatch4.1-esvr14

iscdhcpMatch4.1-esvr14_b1

iscdhcpMatch4.1-esvr15

iscdhcpMatch4.1-esvr2

iscdhcpMatch4.1-esvr3

iscdhcpMatch4.1-esvr3_b1

iscdhcpMatch4.1-esvr4

iscdhcpMatch4.1-esvr5

iscdhcpMatch4.1-esvr5_b1

iscdhcpMatch4.1-esvr5_rc1

iscdhcpMatch4.1-esvr5_rc2

iscdhcpMatch4.1-esvr6

iscdhcpMatch4.1-esvr7

iscdhcpMatch4.1-esvr8

iscdhcpMatch4.1-esvr8_b1

iscdhcpMatch4.1-esvr8_rc1

iscdhcpMatch4.1-esvr9

iscdhcpMatch4.1-esvr9_b1

iscdhcpMatch4.1-esvr9_rc1

iscdhcpMatch4.1.0

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_tusMatch7.4

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_workstationMatch7.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.10

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

References

www.securityfocus.com/bid/102726

www.securitytracker.com/id/1040194

access.redhat.com/errata/RHSA-2018:0158

kb.isc.org/docs/aa-01541

usn.ubuntu.com/3586-1/

www.debian.org/security/2018/dsa-4133

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.144 Low

EPSS

Percentile

95.8%

JSON

Related for NVD:CVE-2017-3144

nessus19 oraclelinux1 ibm5 osv2 openvas11 mageia1 cvelist1 cve1 f51 centos1 amazon1 redhatcve1 ubuntucve1 debiancve1 prion1 checkpoint_advisories1 redhat1 gentoo1 debian2 cloudfoundry1 ubuntu1 rosalinux1 photon5