Vulnerability Details CVE-2018-5732
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2018-5732
-
cpe:2.3:a:isc:dhcp:4.1-esv
-
cpe:2.3:a:isc:dhcp:4.1.0
-
cpe:2.3:a:isc:dhcp:4.1.1
-
cpe:2.3:a:isc:dhcp:4.1.2
-
cpe:2.3:a:isc:dhcp:4.2.0
-
cpe:2.3:a:isc:dhcp:4.2.1
-
cpe:2.3:a:isc:dhcp:4.2.2
-
cpe:2.3:a:isc:dhcp:4.2.3
-
cpe:2.3:a:isc:dhcp:4.2.4
-
cpe:2.3:a:isc:dhcp:4.2.5
-
cpe:2.3:a:isc:dhcp:4.2.6
-
cpe:2.3:a:isc:dhcp:4.2.7
-
cpe:2.3:a:isc:dhcp:4.3.0
-
cpe:2.3:a:isc:dhcp:4.3.1
-
cpe:2.3:a:isc:dhcp:4.3.2
-
cpe:2.3:a:isc:dhcp:4.3.3
-
cpe:2.3:a:isc:dhcp:4.3.5
-
cpe:2.3:a:isc:dhcp:4.4.0