Lucene search

[email protected]NVD:CVE-2018-5733

HistoryJan 16, 2019 - 8:29 p.m.

CVE-2018-5733

2019-01-1620:29:00

CWE-190

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.065 Low

EPSS

Percentile

93.8%

JSON

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

Affected configurations

NVD

Node

iscdhcpRange4.2.0–4.2.8

iscdhcpRange4.3.0–4.3.6

iscdhcpMatch4.1-esv-

iscdhcpMatch4.1-esvr1

iscdhcpMatch4.1-esvr10

iscdhcpMatch4.1-esvr10_b1

iscdhcpMatch4.1-esvr10_rc1

iscdhcpMatch4.1-esvr11

iscdhcpMatch4.1-esvr11_b1

iscdhcpMatch4.1-esvr11_rc1

iscdhcpMatch4.1-esvr11_rc2

iscdhcpMatch4.1-esvr12

iscdhcpMatch4.1-esvr12_b1

iscdhcpMatch4.1-esvr12_p1

iscdhcpMatch4.1-esvr13

iscdhcpMatch4.1-esvr13_b1

iscdhcpMatch4.1-esvr14

iscdhcpMatch4.1-esvr14_b1

iscdhcpMatch4.1-esvr15

iscdhcpMatch4.1-esvr2

iscdhcpMatch4.1-esvr3

iscdhcpMatch4.1-esvr3_b1

iscdhcpMatch4.1-esvr4

iscdhcpMatch4.1-esvr5

iscdhcpMatch4.1-esvr5_b1

iscdhcpMatch4.1-esvr5_rc1

iscdhcpMatch4.1-esvr5_rc2

iscdhcpMatch4.1-esvr6

iscdhcpMatch4.1-esvr7

iscdhcpMatch4.1-esvr8

iscdhcpMatch4.1-esvr8_b1

iscdhcpMatch4.1-esvr8_rc1

iscdhcpMatch4.1-esvr9

iscdhcpMatch4.1-esvr9_b1

iscdhcpMatch4.1-esvr9_rc1

iscdhcpMatch4.1-esvrc1

iscdhcpMatch4.1.0-

iscdhcpMatch4.4.0

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.10

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

References

www.securityfocus.com/bid/103188

www.securitytracker.com/id/1040437

access.redhat.com/errata/RHSA-2018:0469

access.redhat.com/errata/RHSA-2018:0483

kb.isc.org/docs/aa-01567

lists.debian.org/debian-lts-announce/2018/03/msg00015.html

usn.ubuntu.com/3586-1/

usn.ubuntu.com/3586-2/

www.debian.org/security/2018/dsa-4133

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.065 Low

EPSS

Percentile

93.8%

JSON

Related for NVD:CVE-2018-5733