CVE-2017-3144
Severity
7.5HIGH
EPSS
17.6%
top 4.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 16
Latest updateMay 13
Description
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages7 packages
▶CVEListV5isc/isc_dhcpISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.6, 7.5
🔴Vulnerability Details
4GHSA▶
GHSA-4wqw-h6w8-f8qg: A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available↗2022-05-13
CVEList
▶
OSV▶
CVE-2017-3144: A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available↗2019-01-16