CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
iscCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
iscdhcp
4.2.0 ≤
𝑥
≤ 4.2.8
iscdhcp
4.3.0 ≤
𝑥
≤ 4.3.6
iscdhcp
4.1-esv
iscdhcp
4.1-esv:r1
iscdhcp
4.1-esv:r10
iscdhcp
4.1-esv:r10_b1
iscdhcp
4.1-esv:r10_rc1
iscdhcp
4.1-esv:r11
iscdhcp
4.1-esv:r11_b1
iscdhcp
4.1-esv:r11_rc1
iscdhcp
4.1-esv:r11_rc2
iscdhcp
4.1-esv:r12
iscdhcp
4.1-esv:r12_b1
iscdhcp
4.1-esv:r12_p1
iscdhcp
4.1-esv:r13
iscdhcp
4.1-esv:r13_b1
iscdhcp
4.1-esv:r14
iscdhcp
4.1-esv:r14_b1
iscdhcp
4.1-esv:r15
iscdhcp
4.1-esv:r2
iscdhcp
4.1-esv:r3
iscdhcp
4.1-esv:r3_b1
iscdhcp
4.1-esv:r4
iscdhcp
4.1-esv:r5
iscdhcp
4.1-esv:r5_b1
iscdhcp
4.1-esv:r5_rc1
iscdhcp
4.1-esv:r5_rc2
iscdhcp
4.1-esv:r6
iscdhcp
4.1-esv:r7
iscdhcp
4.1-esv:r8
iscdhcp
4.1-esv:r8_b1
iscdhcp
4.1-esv:r8_rc1
iscdhcp
4.1-esv:r9
iscdhcp
4.1-esv:r9_b1
iscdhcp
4.1-esv:r9_rc1
iscdhcp
4.1.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_tus
7.4
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
7.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
isc-dhcp
bullseye
4.4.1-2.3+deb11u2
fixed
wheezy
no-dsa
bullseye (security)
4.4.1-2.3+deb11u1
fixed
bookworm
4.4.3-P1-2
fixed
sid
4.4.3-P1-5
fixed
trixie
4.4.3-P1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
isc-dhcp
hirsute
Fixed 4.3.5-3ubuntu5
released
groovy
Fixed 4.3.5-3ubuntu5
released
focal
Fixed 4.3.5-3ubuntu5
released
eoan
Fixed 4.3.5-3ubuntu5
released
disco
Fixed 4.3.5-3ubuntu5
released
cosmic
Fixed 4.3.5-3ubuntu5
released
bionic
Fixed 4.3.5-3ubuntu5
released
artful
Fixed 4.3.5-3ubuntu2.2
released
xenial
Fixed 4.3.3-5ubuntu12.9
released
trusty
Fixed 4.2.4-7ubuntu12.12
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102726
http://www.securitytracker.com/id/1040194
https://access.redhat.com/errata/RHSA-2018:0158
https://kb.isc.org/docs/aa-01541
https://usn.ubuntu.com/3586-1/
https://www.debian.org/security/2018/dsa-4133
http://www.securityfocus.com/bid/102726
http://www.securitytracker.com/id/1040194
https://access.redhat.com/errata/RHSA-2018:0158
https://kb.isc.org/docs/aa-01541
https://usn.ubuntu.com/3586-1/
https://www.debian.org/security/2018/dsa-4133