7.1

CVE-2016-2774

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

Data is provided by the National Vulnerability Database (NVD)
IscDhcp Version4.1-esv Update-
IscDhcp Version4.1-esv Updater1
IscDhcp Version4.1-esv Updater10
IscDhcp Version4.1-esv Updater10_b1
IscDhcp Version4.1-esv Updater11_b1
IscDhcp Version4.1-esv Updater11_rc1
IscDhcp Version4.1-esv Updater11_rc2
IscDhcp Version4.1-esv Updater12
IscDhcp Version4.1-esv Updater12_b1
IscDhcp Version4.1-esv Updater2
IscDhcp Version4.1-esv Updater3
IscDhcp Version4.1-esv Updater3_b1
IscDhcp Version4.1-esv Updater4
IscDhcp Version4.1-esv Updater5
IscDhcp Version4.1-esv Updater5_b1
IscDhcp Version4.1-esv Updater5_rc1
IscDhcp Version4.1-esv Updater5_rc2
IscDhcp Version4.1-esv Updater6
IscDhcp Version4.1-esv Updater7
IscDhcp Version4.1-esv Updater8
IscDhcp Version4.1-esv Updater8_b1
IscDhcp Version4.1-esv Updater8_rc1
IscDhcp Version4.1-esv Updater9
IscDhcp Version4.1-esv Updater9_b1
IscDhcp Version4.1-esv Updater9_rc1
IscDhcp Version4.1-esv Updaterc1
IscDhcp Version4.1.0 Update-
IscDhcp Version4.1.0 Updatea1
IscDhcp Version4.1.0 Updatea2
IscDhcp Version4.1.0 Updateb1
IscDhcp Version4.1.1 Update-
IscDhcp Version4.1.1 Updateb1
IscDhcp Version4.1.1 Updateb2
IscDhcp Version4.1.1 Updateb3
IscDhcp Version4.1.1 Updatep1
IscDhcp Version4.1.1 Updaterc1
IscDhcp Version4.1.2 Update-
IscDhcp Version4.1.2 Updateb1
IscDhcp Version4.1.2 Updatep1
IscDhcp Version4.1.2 Updaterc1
IscDhcp Version4.2.0 Update-
IscDhcp Version4.2.0 Updatea1
IscDhcp Version4.2.0 Updatea2
IscDhcp Version4.2.0 Updateb1
IscDhcp Version4.2.0 Updateb2
IscDhcp Version4.2.0 Updatep1
IscDhcp Version4.2.0 Updatep2
IscDhcp Version4.2.0 Updaterc1
IscDhcp Version4.2.1 Update-
IscDhcp Version4.2.1 Updateb1
IscDhcp Version4.2.1 Updatep1
IscDhcp Version4.2.1 Updaterc1
IscDhcp Version4.2.2 Update-
IscDhcp Version4.2.2 Updateb1
IscDhcp Version4.2.2 Updaterc1
IscDhcp Version4.2.3 Update-
IscDhcp Version4.2.3 Updatep1
IscDhcp Version4.2.3 Updatep2
IscDhcp Version4.2.4 Update-
IscDhcp Version4.2.4 Updateb1
IscDhcp Version4.2.4 Updatep1
IscDhcp Version4.2.4 Updatep2
IscDhcp Version4.2.4 Updaterc1
IscDhcp Version4.2.4 Updaterc2
IscDhcp Version4.2.5 Update-
IscDhcp Version4.2.5 Updateb1
IscDhcp Version4.2.5 Updatep1
IscDhcp Version4.2.5 Updaterc1
IscDhcp Version4.2.6 Update-
IscDhcp Version4.2.6 Updateb1
IscDhcp Version4.2.6 Updaterc1
IscDhcp Version4.2.7 Update-
IscDhcp Version4.2.7 Updateb1
IscDhcp Version4.2.7 Updaterc1
IscDhcp Version4.2.8 Update-
IscDhcp Version4.2.8 Updateb1
IscDhcp Version4.2.8 Updaterc1
IscDhcp Version4.2.8 Updaterc2
IscDhcp Version4.3.0 Update-
IscDhcp Version4.3.0 Updatea1
IscDhcp Version4.3.0 Updateb1
IscDhcp Version4.3.0 Updaterc1
IscDhcp Version4.3.1 Update-
IscDhcp Version4.3.1 Updateb1
IscDhcp Version4.3.1 Updaterc1
IscDhcp Version4.3.2 Update-
IscDhcp Version4.3.2 Updateb1
IscDhcp Version4.3.2 Updaterc1
IscDhcp Version4.3.2 Updaterc2
IscDhcp Version4.3.3 Update-
IscDhcp Version4.3.3 Updateb1
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 69.96% 0.986
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/84208
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035196
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/3586-1/
Third Party Advisory