Design/Logic Flaw

2016-03-0915:59:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.922 High

EPSS

Percentile

98.9%

JSON

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq17.10
debian_linuxeq8.0
dhcpeq4.1esv r3b1
dhcpeq4.1-esv r3
dhcpeq4.1esv r5rc2
dhcpeq4.1-esv r12
dhcpeq4.2.2 rc1
dhcpeq4.2.8 rc2

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	17.10
debian_linux	eq	8.0
dhcp	eq	4.1esv r3b1
dhcp	eq	4.1-esv r3
dhcp	eq	4.1esv r5rc2
dhcp	eq	4.1-esv r12
dhcp	eq	4.2.2 rc1
dhcp	eq	4.2.8 rc2