Out-of-Bounds Affecting dhclient package, versions <12:4.2.5-58.el7_4.3


Severity

Recommended
0.0
high
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
0.16% (54th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS7-DHCLIENT-2099843
  • published26 Jul 2021
  • disclosed28 Feb 2018

Introduced: 28 Feb 2018

CVE-2018-5732  (opens in a new tab)
CWE-119  (opens in a new tab)

How to fix?

Upgrade Centos:7 dhclient to version 12:4.2.5-58.el7_4.3 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream dhclient package and not the dhclient package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

CVSS Scores

version 3.1