CVE-2018-5733

CWE-190Integer Overflow10 documents8 sources
Severity
7.5HIGH
EPSS
11.3%
top 6.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
ISC DhcpISC ISC DhcpCanonical Ubuntu Linux+6 more
Timeline
PublishedJan 16
Latest updateMay 13

Description

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

Debianisc-dhcp< 4.3.5-3.1+2
NVDisc/dhcp4.2.04.2.8+4
CVEListV5isc/isc_dhcpISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.6, 7.5

🔴Vulnerability Details

3
GHSA
GHSA-6f7q-j62j-5545: A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit refe2022-05-13
OSV
CVE-2018-5733: A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit refe2019-01-16
CVEList
A malicious client can overflow a reference counter in ISC dhcpd2019-01-16

📋Vendor Advisories

4
Ubuntu
DHCP vulnerabilities2018-05-28
Ubuntu
DHCP vulnerabilities2018-03-01
Red Hat
dhcp: Reference count overflow in dhcpd allows denial of service2018-02-28
Debian
CVE-2018-5733: isc-dhcp - A malicious client which is allowed to send very large amounts of traffic (billi...2018

💬Community

2
Bugzilla
CVE-2018-5732 CVE-2018-5733 dhcp: various flaws [fedora-all]2018-02-28
Bugzilla
CVE-2018-5733 dhcp: Reference count overflow in dhcpd allows denial of service2018-02-28