CVE-2016-2774

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
iscdhcp
4.1-esv
iscdhcp
4.1-esv:r1
iscdhcp
4.1-esv:r10
iscdhcp
4.1-esv:r10_b1
iscdhcp
4.1-esv:r11_b1
iscdhcp
4.1-esv:r11_rc1
iscdhcp
4.1-esv:r11_rc2
iscdhcp
4.1-esv:r12
iscdhcp
4.1-esv:r12_b1
iscdhcp
4.1-esv:r2
iscdhcp
4.1-esv:r3
iscdhcp
4.1-esv:r3_b1
iscdhcp
4.1-esv:r4
iscdhcp
4.1-esv:r5
iscdhcp
4.1-esv:r5_b1
iscdhcp
4.1-esv:r5_rc1
iscdhcp
4.1-esv:r5_rc2
iscdhcp
4.1-esv:r6
iscdhcp
4.1-esv:r7
iscdhcp
4.1-esv:r8
iscdhcp
4.1-esv:r8_b1
iscdhcp
4.1-esv:r8_rc1
iscdhcp
4.1-esv:r9
iscdhcp
4.1-esv:r9_b1
iscdhcp
4.1-esv:r9_rc1
iscdhcp
4.1-esv:rc1
iscdhcp
4.1.0
iscdhcp
4.1.0:a1
iscdhcp
4.1.0:a2
iscdhcp
4.1.0:b1
iscdhcp
4.1.1
iscdhcp
4.1.1:b1
iscdhcp
4.1.1:b2
iscdhcp
4.1.1:b3
iscdhcp
4.1.1:p1
iscdhcp
4.1.1:rc1
iscdhcp
4.1.2
iscdhcp
4.1.2:b1
iscdhcp
4.1.2:p1
iscdhcp
4.1.2:rc1
iscdhcp
4.2.0
iscdhcp
4.2.0:a1
iscdhcp
4.2.0:a2
iscdhcp
4.2.0:b1
iscdhcp
4.2.0:b2
iscdhcp
4.2.0:p1
iscdhcp
4.2.0:p2
iscdhcp
4.2.0:rc1
iscdhcp
4.2.1
iscdhcp
4.2.1:b1
iscdhcp
4.2.1:p1
iscdhcp
4.2.1:rc1
iscdhcp
4.2.2
iscdhcp
4.2.2:b1
iscdhcp
4.2.2:rc1
iscdhcp
4.2.3
iscdhcp
4.2.3:p1
iscdhcp
4.2.3:p2
iscdhcp
4.2.4
iscdhcp
4.2.4:b1
iscdhcp
4.2.4:p1
iscdhcp
4.2.4:p2
iscdhcp
4.2.4:rc1
iscdhcp
4.2.4:rc2
iscdhcp
4.2.5
iscdhcp
4.2.5:b1
iscdhcp
4.2.5:p1
iscdhcp
4.2.5:rc1
iscdhcp
4.2.6
iscdhcp
4.2.6:b1
iscdhcp
4.2.6:rc1
iscdhcp
4.2.7
iscdhcp
4.2.7:b1
iscdhcp
4.2.7:rc1
iscdhcp
4.2.8
iscdhcp
4.2.8:b1
iscdhcp
4.2.8:rc1
iscdhcp
4.2.8:rc2
iscdhcp
4.3.0
iscdhcp
4.3.0:a1
iscdhcp
4.3.0:b1
iscdhcp
4.3.0:rc1
iscdhcp
4.3.1
iscdhcp
4.3.1:b1
iscdhcp
4.3.1:rc1
iscdhcp
4.3.2
iscdhcp
4.3.2:b1
iscdhcp
4.3.2:rc1
iscdhcp
4.3.2:rc2
iscdhcp
4.3.3
iscdhcp
4.3.3:b1
debiandebian_linux
8.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
isc-dhcp
bullseye
4.4.1-2.3+deb11u2
fixed
wheezy
no-dsa
bullseye (security)
4.4.1-2.3+deb11u1
fixed
bookworm
4.4.3-P1-2
fixed
sid
4.4.3-P1-5
fixed
trixie
4.4.3-P1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
isc-dhcp
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
ignored
yakkety
ignored
xenial
Fixed 4.3.3-5ubuntu12.9
released
wily
ignored
trusty
Fixed 4.2.4-7ubuntu12.12
released
precise
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html
http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html
http://rhn.redhat.com/errata/RHSA-2016-2590.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/84208
http://www.securitytracker.com/id/1035196
https://kb.isc.org/article/AA-01354
https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html
https://usn.ubuntu.com/3586-1/
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html
http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html
http://rhn.redhat.com/errata/RHSA-2016-2590.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/84208
http://www.securitytracker.com/id/1035196
https://kb.isc.org/article/AA-01354
https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html
https://usn.ubuntu.com/3586-1/