CVE-2018-5733 : A malicious client which is allowed to send very large amounts of traffic (billi

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

Published 2019-01-16 20:29:01

Updated 2020-01-09 21:08:06

Source Internet Systems Consortium (ISC)

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2018-5733

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp
Versions from including (>=) 4.2.0 and up to, including, (<=) 4.2.8
cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp
Versions from including (>=) 4.3.0 and up to, including, (<=) 4.3.6
cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv
cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R1
cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R2
cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R3
cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R3 B1
cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update RC1
cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1.0
cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R4
cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R5
cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R5 B1
cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R5 Rc1
cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R5 Rc2
cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R6
cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R10
cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R10 B1
cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R11 B1
cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R11 Rc1
cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R11 Rc2
cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R12
cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R12 B1
cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R7
cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R8
cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R8 B1
cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R8 Rc1
cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R9
cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R9 B1
cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R9 Rc1
cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R10 Rc1
cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R11
cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R12 P1
cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R13
cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R13 B1
cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R14
cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R14 B1
cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.1-esv Update R15
cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 4.4.0
cpe:2.3:a:isc:dhcp:4.4.0:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 17.10
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-5733

EPSS FAQ

7.92%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-5733

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	Internet Systems Consortium (ISC)
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-5733

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-5733

http://www.securitytracker.com/id/1040437

Dhcp Reference Counter Overflow Lets Remote Users Cause the Target dhcpd Service to Crash - SecurityTracker
Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2018:0469

RHSA-2018:0469 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html

[SECURITY] [DLA 1313-1] isc-dhcp security update
Third Party Advisory
https://usn.ubuntu.com/3586-2/

USN-3586-2: DHCP vulnerabilities | Ubuntu security notices
Third Party Advisory
https://usn.ubuntu.com/3586-1/

USN-3586-1: DHCP vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2018/dsa-4133

Debian -- Security Information -- DSA-4133-1 isc-dhcp
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:0483

RHSA-2018:0483 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://kb.isc.org/docs/aa-01567

CVE-2018-5733: A malicious client can overflow a reference counter in ISC dhcpd - Security Advisories
Vendor Advisory
http://www.securityfocus.com/bid/103188

ISC DHCP CVE-2018-5733 Remote Denial of Service Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2018-5733

Products affected by CVE-2018-5733

Exploit prediction scoring system (EPSS) score for CVE-2018-5733

CVSS scores for CVE-2018-5733

CWE ids for CVE-2018-5733

References for CVE-2018-5733