A malicious client can overflow a reference counter in ISC dhcpd

CVE-2018-5733

5.9MEDIUM

Key Information

Vendor: Isc
Status: Isc Dhcp
Vendor: CVE Published:; 16 January 2019

Summary

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

Affected Version(s)

ISC DHCP = ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.5 to: 5.9 - (MEDIUM)
Feb 22, 2024
Vulnerability published.
Jan 16, 2019
Vulnerability Reserved.
Jan 17, 2018

Collectors

NVD DatabaseMitre Database

Credit

ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability.