CVE-2018-5732

EPSS 1.76%
Veröffentlicht 09.10.2019 16:15:13
Zuletzt bearbeitet 21.11.2024 04:09:16
Quelle security-officer@isc.org
CVE-Watchlists
Login
Unerledigt
Login

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Isc ≫ Dhcp Version >= 4.1.0 <= 4.1.2

Isc ≫ Dhcp Version >= 4.2.0 < 4.2.8

Isc ≫ Dhcp Version >= 4.3.0 < 4.3.6

Isc ≫ Dhcp Version4.1-esv Update-

Isc ≫ Dhcp Version4.1-esv Updater1

Isc ≫ Dhcp Version4.1-esv Updater10

Isc ≫ Dhcp Version4.1-esv Updater10b1

Isc ≫ Dhcp Version4.1-esv Updater10rc1

Isc ≫ Dhcp Version4.1-esv Updater11

Isc ≫ Dhcp Version4.1-esv Updater11b1

Isc ≫ Dhcp Version4.1-esv Updater11rc1

Isc ≫ Dhcp Version4.1-esv Updater11rc2

Isc ≫ Dhcp Version4.1-esv Updater12

Isc ≫ Dhcp Version4.1-esv Updater12-p1

Isc ≫ Dhcp Version4.1-esv Updater12b1

Isc ≫ Dhcp Version4.1-esv Updater13

Isc ≫ Dhcp Version4.1-esv Updater13b1

Isc ≫ Dhcp Version4.1-esv Updater14

Isc ≫ Dhcp Version4.1-esv Updater14b1

Isc ≫ Dhcp Version4.1-esv Updater15

Isc ≫ Dhcp Version4.1-esv Updater2

Isc ≫ Dhcp Version4.1-esv Updater3

Isc ≫ Dhcp Version4.1-esv Updater3b1

Isc ≫ Dhcp Version4.1-esv Updater4

Isc ≫ Dhcp Version4.1-esv Updater5

Isc ≫ Dhcp Version4.1-esv Updater5b1

Isc ≫ Dhcp Version4.1-esv Updater5rc1

Isc ≫ Dhcp Version4.1-esv Updater5rc2

Isc ≫ Dhcp Version4.1-esv Updater6

Isc ≫ Dhcp Version4.1-esv Updater7

Isc ≫ Dhcp Version4.1-esv Updater8

Isc ≫ Dhcp Version4.1-esv Updater8b1

Isc ≫ Dhcp Version4.1-esv Updater8rc1

Isc ≫ Dhcp Version4.1-esv Updater9

Isc ≫ Dhcp Version4.1-esv Updater9b1

Isc ≫ Dhcp Version4.1-esv Updater9rc1

Isc ≫ Dhcp Version4.1.2 Updatep1

Isc ≫ Dhcp Version4.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.76%	0.82

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security-officer@isc.org	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://kb.isc.org/docs/aa-01565

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-5732

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5732

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5732

EUVD