CVE-2018-5732
Description
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.06
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| DHCP server and client (USN-3586-1) isc-dhcp-relay_4.3.3-5ubuntu12.9_i386.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-relay_4.3.3-5ubuntu12.9_amd64.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-relay_4.2.4-7ubuntu12.12_i386.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-relay_4.2.4-7ubuntu12.12_amd64.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-client_4.3.3-5ubuntu12.9_i386.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-client_4.3.3-5ubuntu12.9_amd64.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-client_4.2.4-7ubuntu12.12_i386.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-client_4.2.4-7ubuntu12.12_amd64.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-server_4.3.3-5ubuntu12.9_i386.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-server_4.3.3-5ubuntu12.9_amd64.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-server_4.2.4-7ubuntu12.12_i386.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-server_4.2.4-7ubuntu12.12_amd64.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-server-ldap_4.3.3-5ubuntu12.9_i386.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-server-ldap_4.3.3-5ubuntu12.9_amd64.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-server-ldap_4.2.4-7ubuntu12.12_i386.deb | Linux |
| DHCP server and client (USN-3586-1) isc-dhcp-server-ldap_4.2.4-7ubuntu12.12_amd64.deb | Linux |
| (RHSA-2018:0469) Important: dhcp security update dhclient-4.1.1-53.P1.el6_9.3.i686.rpm | Linux |
| (RHSA-2018:0469) Important: dhcp security update dhclient-4.1.1-53.P1.el6_9.3.x86_64.rpm | Linux |
| (RHSA-2018:0469) Important: dhcp security update dhcp-4.1.1-53.P1.el6_9.3.i686.rpm | Linux |
| (RHSA-2018:0469) Important: dhcp security update dhcp-4.1.1-53.P1.el6_9.3.x86_64.rpm | Linux |
| (RHSA-2018:0469) Important: dhcp security update dhcp-common-4.1.1-53.P1.el6_9.3.i686.rpm | Linux |
| (RHSA-2018:0469) Important: dhcp security update dhcp-common-4.1.1-53.P1.el6_9.3.x86_64.rpm | Linux |
| (RHSA-2018:0469) Important: dhcp security update dhcp-devel-4.1.1-53.P1.el6_9.3.i686.rpm | Linux |
| (RHSA-2018:0469) Important: dhcp security update dhcp-devel-4.1.1-53.P1.el6_9.3.x86_64.rpm | Linux |
| (RHSA-2018:0483) Important: dhcp security update dhclient-4.2.5-58.el7_4.3.x86_64.rpm | Linux |
| (RHSA-2018:0483) Important: dhcp security update dhcp-4.2.5-58.el7_4.3.x86_64.rpm | Linux |
| (RHSA-2018:0483) Important: dhcp security update dhcp-common-4.2.5-58.el7_4.3.x86_64.rpm | Linux |
| (RHSA-2018:0483) Important: dhcp security update dhcp-devel-4.2.5-58.el7_4.3.i686.rpm | Linux |
| (RHSA-2018:0483) Important: dhcp security update dhcp-devel-4.2.5-58.el7_4.3.x86_64.rpm | Linux |
| (RHSA-2018:0483) Important: dhcp security update dhcp-libs-4.2.5-58.el7_4.3.i686.rpm | Linux |
| (RHSA-2018:0483) Important: dhcp security update dhcp-libs-4.2.5-58.el7_4.3.x86_64.rpm | Linux |
| SUSE-SU-2018:0810-1(SUSE Linux Enterprise Server 11-SP4 ) dhcp-4.2.4.P2-0.28.8.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0810-1(SUSE Linux Enterprise Server 11-SP4 ) dhcp-client-4.2.4.P2-0.28.8.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0810-1(SUSE Linux Enterprise Server 11-SP4 ) dhcp-relay-4.2.4.P2-0.28.8.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0810-1(SUSE Linux Enterprise Server 11-SP4 ) dhcp-server-4.2.4.P2-0.28.8.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0812-1(SUSE Linux Enterprise Desktop 12-SP2 ) dhcp-4.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0812-1(SUSE Linux Enterprise Desktop 12-SP2 ) dhcp-client-4.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0812-1(SUSE Linux Enterprise Desktop 12-SP2 ) dhcp-client-debuginfo-4.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0812-1(SUSE Linux Enterprise Desktop 12-SP2 ) dhcp-debuginfo-4.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0812-1(SUSE Linux Enterprise Desktop 12-SP2 ) dhcp-debugsource-4.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0812-1(SUSE Linux Enterprise Server 12-SP2 ) dhcp-relay-4.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0812-1(SUSE Linux Enterprise Server 12-SP2 ) dhcp-relay-debuginfo-4.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0812-1(SUSE Linux Enterprise Server 12-SP2 ) dhcp-server-4.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0812-1(SUSE Linux Enterprise Server 12-SP2 ) dhcp-server-debuginfo-4.3.3-10.14.1.x86_64.rpm | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-5732) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234