PT-2018-1049 · ISC · ISC DHCP

Felix Wilhelm · Published 2018-02-09 · Updated 2025-04-25 · CVE-2018-5733

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ISC DHCP versions 4.1.0 through 4.1-ESV-R15
ISC DHCP versions 4.2.0 through 4.2.8
ISC DHCP versions 4.3.0 through 4.3.6
ISC DHCP versions 4.4.0

Description

The issue is caused by the potential overflow of a 32-bit reference counter when a malicious client sends a large amount of traffic to a DHCP server. This can cause the dhcpd service to crash, resulting in a denial of service. A remote attacker can exploit this by sending a large number of specially crafted DHCP requests, potentially exceeding a billion packets.

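The counter wrap described above, as an added illustration (not ISC DHCP code and not part of the original advisory): an unchecked 32-bit reference count beside a guarded one. The struct, the function names and the one-unreleased-reference-per-request model are assumptions, and the near-maximum starting value is constructed so the demo does not need billions of iterations.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical refcounted object; not ISC DHCP's actual data structure. */
struct obj {
    uint32_t refcnt; /* 32-bit reference counter (unsigned, so the wrap is defined) */
    bool freed;      /* stands in for free() so the demo itself stays memory-safe */
};

/* Vulnerable pattern: unchecked increment, UINT32_MAX + 1 wraps to 0. */
static void ref_unchecked(struct obj *o) { o->refcnt++; }

/* Hardened pattern: refuse the reference at the ceiling instead of wrapping. */
static bool ref_checked(struct obj *o) {
    if (o->refcnt == UINT32_MAX) return false;
    o->refcnt++;
    return true;
}

/* Drop one reference; the object is released when the count reaches zero. */
static void unref(struct obj *o) {
    if (o->refcnt > 0 && --o->refcnt == 0) o->freed = true;
}

/* Assumption: each hostile request leaves one reference unreleased.
 * `start` is a constructed counter value standing in for billions of
 * earlier requests. Returns true if a later, well-behaved request
 * releases the object while its owner still holds it. */
static bool freed_while_in_use(bool hardened, uint32_t start, uint32_t leaks) {
    struct obj o = { .refcnt = start, .freed = false };
    for (uint32_t i = 0; i < leaks; i++) {
        if (!hardened)
            ref_unchecked(&o);
        else if (!ref_checked(&o))
            break; /* request rejected, counter stays at the ceiling */
    }
    /* One balanced request: take a reference, then drop it. */
    if (!hardened) { ref_unchecked(&o); unref(&o); }
    else if (ref_checked(&o)) unref(&o);
    return o.freed;
}

int main(void) {
    printf("unchecked: %d\n", freed_while_in_use(false, UINT32_MAX - 2, 3));
    printf("checked:   %d\n", freed_while_in_use(true, UINT32_MAX - 2, 3));
    return 0;
}
```

With the unchecked increment the count wraps to zero and the next balanced take/drop pair releases an object that is still referenced; with the guard the server fails the request instead.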
Recommendations

For ISC DHCP versions 4.1.0 through 4.1-ESV-R15, update to a version that fixes the issue.
For ISC DHCP versions 4.2.0 through 4.2.8, update to a version that fixes the issue.
For ISC DHCP versions 4.3.0 through 4.3.6, update to a version that fixes the issue.
For ISC DHCP versions 4.4.0, update to a version that fixes the issue.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1300
BDU:2018-00357
CESA-2018_0469
CESA-2018_0483
CVE-2018-5733
DLA-1313-1
DSA-4133-1
MGASA-2018-0410
OPENSUSE-SU-2024:10715-1
RHSA-2018:0469
RHSA-2018:0483
RHSA-2018_0469
RHSA-2018_0483
SUSE-SU-2018:0810-1
SUSE-SU-2018:0810-2
SUSE-SU-2018:0812-1
USN-3586-1
USN-3586-2

Affected Products

ALT Linux
CentOS
ISC DHCP
Red Hat
SUSE
Ubuntu