7.5

CVE-2018-5733

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

Data provided by the National Vulnerability Database (NVD)
Isc Dhcp Version >= 4.2.0 <= 4.2.8
Isc Dhcp Version >= 4.3.0 <= 4.3.6
Isc Dhcp Version 4.1-esv Update -
Isc Dhcp Version 4.1-esv Update r1
Isc Dhcp Version 4.1-esv Update r10
Isc Dhcp Version 4.1-esv Update r10_b1
Isc Dhcp Version 4.1-esv Update r10_rc1
Isc Dhcp Version 4.1-esv Update r11
Isc Dhcp Version 4.1-esv Update r11_b1
Isc Dhcp Version 4.1-esv Update r11_rc1
Isc Dhcp Version 4.1-esv Update r11_rc2
Isc Dhcp Version 4.1-esv Update r12
Isc Dhcp Version 4.1-esv Update r12_b1
Isc Dhcp Version 4.1-esv Update r12_p1
Isc Dhcp Version 4.1-esv Update r13
Isc Dhcp Version 4.1-esv Update r13_b1
Isc Dhcp Version 4.1-esv Update r14
Isc Dhcp Version 4.1-esv Update r14_b1
Isc Dhcp Version 4.1-esv Update r15
Isc Dhcp Version 4.1-esv Update r2
Isc Dhcp Version 4.1-esv Update r3
Isc Dhcp Version 4.1-esv Update r3_b1
Isc Dhcp Version 4.1-esv Update r4
Isc Dhcp Version 4.1-esv Update r5
Isc Dhcp Version 4.1-esv Update r5_b1
Isc Dhcp Version 4.1-esv Update r5_rc1
Isc Dhcp Version 4.1-esv Update r5_rc2
Isc Dhcp Version 4.1-esv Update r6
Isc Dhcp Version 4.1-esv Update r7
Isc Dhcp Version 4.1-esv Update r8
Isc Dhcp Version 4.1-esv Update r8_b1
Isc Dhcp Version 4.1-esv Update r8_rc1
Isc Dhcp Version 4.1-esv Update r9
Isc Dhcp Version 4.1-esv Update r9_b1
Isc Dhcp Version 4.1-esv Update r9_rc1
Isc Dhcp Version 4.1-esv Update rc1
Isc Dhcp Version 4.1.0 Update -
Isc Dhcp Version 4.4.0
Canonical Ubuntu Linux Version 14.04 SwEdition lts
Canonical Ubuntu Linux Version 16.04 SwEdition lts
Canonical Ubuntu Linux Version 17.10
Debian Debian Linux Version 7.0
Debian Debian Linux Version 8.0
Debian Debian Linux Version 9.0
No CISA KEV or CERT.AT warning was found for this CVE.
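EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 29.51% | 0.964 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| security-officer@isc.org | 5.9 | 2.2 | 3.6 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
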
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.