rpm package
suse/dhcp&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-5732 | — | < 4.2.4.P2-0.28.8.1 | 4.2.4.P2-0.28.8.1 | Oct 9, 2019 | Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affe | ||
| CVE-2018-5733 | — | < 4.2.4.P2-0.28.8.1 | 4.2.4.P2-0.28.8.1 | Jan 16, 2019 | A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. | ||
| CVE-2017-3144 | — | < 4.2.4.P2-0.28.5.3 | 4.2.4.P2-0.28.5.3 | Jan 16, 2019 | A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected bu | ||
| CVE-2016-2774 | Med | 5.9 | < 4.2.4.P2-0.27.1 | 4.2.4.P2-0.27.1 | Mar 9, 2016 | ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. | |
| CVE-2015-8605 | Med | 6.5 | < 4.2.4.P2-0.24.1 | 4.2.4.P2-0.24.1 | Jan 14, 2016 | ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. |
- CVE-2018-5732Oct 9, 2019affected < 4.2.4.P2-0.28.8.1fixed 4.2.4.P2-0.28.8.1
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affe
- CVE-2018-5733Jan 16, 2019affected < 4.2.4.P2-0.28.8.1fixed 4.2.4.P2-0.28.8.1
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
- CVE-2017-3144Jan 16, 2019affected < 4.2.4.P2-0.28.5.3fixed 4.2.4.P2-0.28.5.3
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected bu
- affected < 4.2.4.P2-0.27.1fixed 4.2.4.P2-0.27.1
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
- affected < 4.2.4.P2-0.24.1fixed 4.2.4.P2-0.24.1
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.