CVE-2017-3144

high

Description

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

References

https://www.debian.org/security/2018/dsa-4133

https://usn.ubuntu.com/3586-1/

https://kb.isc.org/docs/aa-01541

https://access.redhat.com/errata/RHSA-2018:0158

http://www.securitytracker.com/id/1040194

http://www.securityfocus.com/bid/102726

Details

Source: Mitre, NVD

Published: 2019-01-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High