Integer Overflow or Wraparound Affecting dhcp-common package, versions <12:4.2.5-58.el7_4.3


Severity

Recommended
high

Based on CentOS security rating.

Threat Intelligence

EPSS
7.33% (95th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS7-DHCPCOMMON-2098843
  • published26 Jul 2021
  • disclosed28 Feb 2018

Introduced: 28 Feb 2018

CVE-2018-5733  (opens in a new tab)
CWE-190  (opens in a new tab)

How to fix?

Upgrade Centos:7 dhcp-common to version 12:4.2.5-58.el7_4.3 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream dhcp-common package and not the dhcp-common package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

CVSS Scores

version 3.1