CVE-2018-5732

CWE-119 — Buffer Overflow10 documents8 sources

Severity

7.5HIGH

EPSS

3.6%

top 12.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Dhcp ISC ISC Dhcp

Timeline

PublishedOct 9

Latest updateMay 24

Description

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDisc/dhcp4.2.0 — 4.2.8+5

▶Debianisc-dhcp< 4.3.5-3.1+2

▶CVEListV5isc/isc_dhcpISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

🔴Vulnerability Details

GHSA

GHSA-j4cm-vph7-f7qg: Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause↗2022-05-24

▶

OSV

CVE-2018-5732: Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause↗2019-10-09

▶

CVEList

A specially constructed response from a malicious server can cause a buffer overflow in dhclient↗2019-10-09

▶

📋Vendor Advisories

Ubuntu

DHCP vulnerabilities↗2018-05-28

▶

Ubuntu

DHCP vulnerabilities↗2018-03-01

▶

Red Hat

dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server↗2018-02-28

▶

Debian

CVE-2018-5732: isc-dhcp - Failure to properly bounds-check a buffer used for processing DHCP options allow...↗2018

▶

💬Community

Bugzilla

CVE-2018-5732 CVE-2018-5733 dhcp: various flaws [fedora-all]↗2018-02-28

▶

Bugzilla

CVE-2018-5732 dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server↗2018-02-28

▶