rpm package
suse/dhcp&distro=SUSE Linux Enterprise Server 11 SP3-LTSS
pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-5732 | — | | | < 4.2.4.P2-0.28.8.1 | 4.2.4.P2-0.28.8.1 | Oct 9, 2019 | Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affe |
| CVE-2018-5733 | — | | | < 4.2.4.P2-0.28.8.1 | 4.2.4.P2-0.28.8.1 | Jan 16, 2019 | A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. |
| CVE-2016-2774 | Med | 5.9 | | < 4.2.4.P2-0.27.1 | 4.2.4.P2-0.27.1 | Mar 9, 2016 | ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. |