CVE-2018-5732 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
isc	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Vendor	Product	Version
isc	dhcp	4.1.0 ≤ 𝑥 ≤ 4.1.2
isc	dhcp	4.2.0 ≤ 𝑥 < 4.2.8
isc	dhcp	4.3.0 ≤ 𝑥 < 4.3.6
isc	dhcp	4.1-esv
isc	dhcp	4.1-esv:r1
isc	dhcp	4.1-esv:r10
isc	dhcp	4.1-esv:r10b1
isc	dhcp	4.1-esv:r10rc1
isc	dhcp	4.1-esv:r11
isc	dhcp	4.1-esv:r11b1
isc	dhcp	4.1-esv:r11rc1
isc	dhcp	4.1-esv:r11rc2
isc	dhcp	4.1-esv:r12
isc	dhcp	4.1-esv:r12-p1
isc	dhcp	4.1-esv:r12b1
isc	dhcp	4.1-esv:r13
isc	dhcp	4.1-esv:r13b1
isc	dhcp	4.1-esv:r14
isc	dhcp	4.1-esv:r14b1
isc	dhcp	4.1-esv:r15
isc	dhcp	4.1-esv:r2
isc	dhcp	4.1-esv:r3
isc	dhcp	4.1-esv:r3b1
isc	dhcp	4.1-esv:r4
isc	dhcp	4.1-esv:r5
isc	dhcp	4.1-esv:r5b1
isc	dhcp	4.1-esv:r5rc1
isc	dhcp	4.1-esv:r5rc2
isc	dhcp	4.1-esv:r6
isc	dhcp	4.1-esv:r7
isc	dhcp	4.1-esv:r8
isc	dhcp	4.1-esv:r8b1
isc	dhcp	4.1-esv:r8rc1
isc	dhcp	4.1-esv:r9
isc	dhcp	4.1-esv:r9b1
isc	dhcp	4.1-esv:r9rc1
isc	dhcp	4.1.2:p1
isc	dhcp	4.4.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

isc-dhcp

bullseye	4.4.1-2.3+deb11u2 fixed
bullseye (security)	4.4.1-2.3+deb11u1 fixed
bookworm	4.4.3-P1-2 fixed
sid	4.4.3-P1-5 fixed
trixie	4.4.3-P1-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

isc-dhcp

bionic	Fixed 4.3.5-3ubuntu5 released
artful	Fixed 4.3.5-3ubuntu2.2 released
xenial	Fixed 4.3.3-5ubuntu12.9 released
trusty	Fixed 4.2.4-7ubuntu12.12 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://kb.isc.org/docs/aa-01565

https://kb.isc.org/docs/aa-01565