Memory corruption in DHCP - CVE-2018-5733
Published: March 1, 2018
Vulnerability identifier: #VU10791
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5733
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ISC
Affected software:
DHCP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in dhcpd due to improper handling of reference counting when processing client requests. A remote attacker can send a large number of packets to the target server, trigger a reference counter overflow and cause the target dhcpd service to consume all available memory and crash.
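The bug class described above, a reference counter that overflows after many requests, is shown in the following added C example. It is not ISC dhcpd code: the struct, the function names, the signed 32-bit counter width and the one-leaked-reference-per-request model are assumptions made for illustration. It contrasts an unchecked increment with one that refuses to overflow.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical reference-counted object; not a dhcpd structure. */
struct obj { int32_t refcnt; };

/* Unchecked increment: wraps past INT32_MAX. The unsigned round trip models
 * the wrap (as on gcc/clang) without undefined signed overflow. */
static void ref_unchecked(struct obj *o)
{
    o->refcnt = (int32_t)((uint32_t)o->refcnt + 1u);
}

/* Checked increment: returns -1 instead of taking a reference when the
 * object is dead/corrupt (count <= 0) or the counter is saturated. */
static int ref_checked(struct obj *o)
{
    if (o->refcnt <= 0 || o->refcnt == INT32_MAX)
        return -1;
    o->refcnt++;
    return 0;
}

/* Handle n requests, each taking one reference that is never released
 * (assumed leak). Returns how many requests were accepted. */
static uint32_t process_requests(struct obj *o, uint32_t n, int checked)
{
    uint32_t accepted = 0;
    for (uint32_t i = 0; i < n; i++) {
        if (checked && ref_checked(o) != 0)
            continue;               /* reject request, state stays valid */
        if (!checked)
            ref_unchecked(o);
        accepted++;
    }
    return accepted;
}

int main(void)
{
    /* Constructed starting point: counters two references below the limit. */
    struct obj a = { INT32_MAX - 2 }, b = { INT32_MAX - 2 };
    unsigned na = process_requests(&a, 5, 0);
    unsigned nb = process_requests(&b, 5, 1);
    printf("unchecked: accepted=%u refcnt=%d\n", na, (int)a.refcnt);
    printf("checked:   accepted=%u refcnt=%d\n", nb, (int)b.refcnt);
    return 0;
}
```

With the unchecked path the counter ends up negative, so later release logic can no longer tell whether the object is still in use; the checked path caps the count and rejects the excess requests.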
How to mitigate CVE-2018-5733
Update to versions 4.1-ESV-R15-P1, 4.3.6-P1 or 4.4.1.