CVE-2016-2774

CWE-20 — Improper Input Validation CWE-400 — Uncontrolled Resource Consumption11 documents8 sources

Severity

5.9MEDIUM

EPSS

65.6%

top 1.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux Debian Debian Linux ISC Dhcp

Timeline

PublishedMar 9

Latest updateMay 13

Description

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶Debianisc-dhcp< 4.3.4-1+2

▶Ubuntuisc-dhcp< 4.2.4-7ubuntu12.12+1

▶NVDisc/dhcp17 versions+16

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 17.10

🔴Vulnerability Details

GHSA

GHSA-rg7r-5jqm-6r7j: ISC DHCP 4↗2022-05-13

▶

OSV

isc-dhcp vulnerabilities↗2018-03-01

▶

OSV

erlang vulnerabilities↗2018-02-14

▶

CVEList

CVE-2016-2774: ISC DHCP 4↗2016-03-09

▶

OSV

CVE-2016-2774: ISC DHCP 4↗2016-03-09

▶

📋Vendor Advisories

Ubuntu

DHCP vulnerabilities↗2018-03-01

▶

Red Hat

dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS↗2016-03-07

▶

Debian

CVE-2016-2774: isc-dhcp - ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not rest...↗2016

▶

💬Community

Bugzilla

CVE-2016-2774 dhcp: Opening and never closing TCP connections can cause DoS [fedora-all]↗2016-03-08

▶

Bugzilla

CVE-2016-2774 dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS↗2016-03-07

▶