#VU10791 Memory corruption in DHCP - CVE-2018-5733
Published: March 1, 2018
Vulnerability identifier: #VU10791
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5733
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
DHCP
DHCP
Software vendor:
ISC
ISC
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the dhcpd due to improper handling of reference counting when processing client requests. A remote attacker can send large amounts of data to the target server can send a large number of packets, trigger a reference counter overflow and cause the target dhcpd service to consume all available memory and crash.
The weakness exists in the dhcpd due to improper handling of reference counting when processing client requests. A remote attacker can send large amounts of data to the target server can send a large number of packets, trigger a reference counter overflow and cause the target dhcpd service to consume all available memory and crash.
Remediation
Update to versions 4.1-ESV-R15-P1, 4.3.6-P1 or 4.4.1.