7.5
CWE
190
Advisory Published
CVE Published
Updated

CVE-2018-5733: A malicious client can overflow a reference counter in ISC dhcpd

First published: Wed Feb 28 2018(Updated: )

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Versions of DHCP affected: 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

Credit: security-officer@isc.org security-officer@isc.org

Affected SoftwareAffected VersionHow to fix
ISC DHCP>=4.2.0<=4.2.8
ISC DHCP>=4.3.0<=4.3.6
ISC DHCP=4.1-esv
ISC DHCP=4.1-esv-r1
ISC DHCP=4.1-esv-r10
ISC DHCP=4.1-esv-r10_b1
ISC DHCP=4.1-esv-r10_rc1
ISC DHCP=4.1-esv-r11
ISC DHCP=4.1-esv-r11_b1
ISC DHCP=4.1-esv-r11_rc1
ISC DHCP=4.1-esv-r11_rc2
ISC DHCP=4.1-esv-r12
ISC DHCP=4.1-esv-r12_b1
ISC DHCP=4.1-esv-r12_p1
ISC DHCP=4.1-esv-r13
ISC DHCP=4.1-esv-r13_b1
ISC DHCP=4.1-esv-r14
ISC DHCP=4.1-esv-r14_b1
ISC DHCP=4.1-esv-r15
ISC DHCP=4.1-esv-r2
ISC DHCP=4.1-esv-r3
ISC DHCP=4.1-esv-r3_b1
ISC DHCP=4.1-esv-r4
ISC DHCP=4.1-esv-r5
ISC DHCP=4.1-esv-r5_b1
ISC DHCP=4.1-esv-r5_rc1
ISC DHCP=4.1-esv-r5_rc2
ISC DHCP=4.1-esv-r6
ISC DHCP=4.1-esv-r7
ISC DHCP=4.1-esv-r8
ISC DHCP=4.1-esv-r8_b1
ISC DHCP=4.1-esv-r8_rc1
ISC DHCP=4.1-esv-r9
ISC DHCP=4.1-esv-r9_b1
ISC DHCP=4.1-esv-r9_rc1
ISC DHCP=4.1-esv-rc1
ISC DHCP=4.1.0
ISC DHCP=4.4.0
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=7.4
Redhat Enterprise Linux Server Aus=7.6
Redhat Enterprise Linux Server Eus=7.4
Redhat Enterprise Linux Server Eus=7.5
Redhat Enterprise Linux Server Eus=7.6
Redhat Enterprise Linux Workstation=6.0
Redhat Enterprise Linux Workstation=7.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=17.10
Debian Debian Linux=7.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
redhat/dhcp<4.1
4.1
redhat/dhcp<4.3.6
4.3.6
redhat/dhcp<4.4.1
4.4.1
debian/isc-dhcp
4.4.1-2.3+deb11u2
4.4.1-2.3+deb11u1
4.4.3-P1-2
4.4.3-P1-5

Remedy

Upgrade to the patched release most closely related to your current version of DHCP. DHCP 4.1-ESV-R15-P1 DHCP 4.3.6-P1 DHCP 4.4.1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203