Denial of Service Vulnerability in ISC DHCP by ISC
CVE-2016-2774

5.9 MEDIUM

Key Information:

Vendor: ISC

CVE Published: 9 March 2016

What is CVE-2016-2774?

ISC DHCP versions prior to 4.1-ESV-R13 and 4.3.4 are susceptible to a denial-of-service attack because the server does not limit the number of concurrent TCP sessions. An attacker can disrupt service by opening multiple TCP connections, which can lead to request-processing failures or assertion errors that incapacitate the DHCP service. Administrators are urged to review the impacted versions and apply corrective measures to mitigate the risk.

EPSS Score

63% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
