CVE-2017-3144

EPSS 18.41%
Published 16.01.2019 20:29:00
Last modified 21.11.2024 03:24:55
Source security-officer@isc.org
Teams watchlist Login
Open Login

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

Affected products Warnungen 0 Metrics 4 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Isc ≫ Dhcp Version >= 4.2.0 <= 4.2.8

Isc ≫ Dhcp Version >= 4.3.0 <= 4.3.6

Isc ≫ Dhcp Version4.1-esv Update-

Isc ≫ Dhcp Version4.1-esv Updater1

Isc ≫ Dhcp Version4.1-esv Updater10

Isc ≫ Dhcp Version4.1-esv Updater10_b1

Isc ≫ Dhcp Version4.1-esv Updater10_rc1

Isc ≫ Dhcp Version4.1-esv Updater11

Isc ≫ Dhcp Version4.1-esv Updater11_b1

Isc ≫ Dhcp Version4.1-esv Updater11_rc1

Isc ≫ Dhcp Version4.1-esv Updater11_rc2

Isc ≫ Dhcp Version4.1-esv Updater12

Isc ≫ Dhcp Version4.1-esv Updater12_b1

Isc ≫ Dhcp Version4.1-esv Updater12_p1

Isc ≫ Dhcp Version4.1-esv Updater13

Isc ≫ Dhcp Version4.1-esv Updater13_b1

Isc ≫ Dhcp Version4.1-esv Updater14

Isc ≫ Dhcp Version4.1-esv Updater14_b1

Isc ≫ Dhcp Version4.1-esv Updater15

Isc ≫ Dhcp Version4.1-esv Updater2

Isc ≫ Dhcp Version4.1-esv Updater3

Isc ≫ Dhcp Version4.1-esv Updater3_b1

Isc ≫ Dhcp Version4.1-esv Updater4

Isc ≫ Dhcp Version4.1-esv Updater5

Isc ≫ Dhcp Version4.1-esv Updater5_b1

Isc ≫ Dhcp Version4.1-esv Updater5_rc1

Isc ≫ Dhcp Version4.1-esv Updater5_rc2

Isc ≫ Dhcp Version4.1-esv Updater6

Isc ≫ Dhcp Version4.1-esv Updater7

Isc ≫ Dhcp Version4.1-esv Updater8

Isc ≫ Dhcp Version4.1-esv Updater8_b1

Isc ≫ Dhcp Version4.1-esv Updater8_rc1

Isc ≫ Dhcp Version4.1-esv Updater9

Isc ≫ Dhcp Version4.1-esv Updater9_b1

Isc ≫ Dhcp Version4.1-esv Updater9_rc1

Isc ≫ Dhcp Version4.1.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.4

Redhat ≫ Enterprise Linux Server Eus Version7.5

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.4

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Workstation Version7.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.10

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.41%	0.95

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security-officer@isc.org	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://usn.ubuntu.com/3586-1/

Third Party Advisory

http://www.securityfocus.com/bid/102726

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1040194

Third Party Advisory

VDB Entry

https://access.redhat.com/errata/RHSA-2018:0158

Third Party Advisory

https://kb.isc.org/docs/aa-01541

Vendor Advisory