CVE-2018-5732

Impact:: Important
Public Date:: 2018-02-28
CWE:: CWE-119

Bugzilla:: 1549960: CVE-2018-5732 dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server

An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet.

Find out more about CVE-2018-5732 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score	7.5
CVSS3 Base Metrics	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector	Network
Attack Complexity	High
Privileges Required	None
User Interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity Impact	High
Availability Impact	High

Red Hat Security Errata

Platform	Errata	Release Date
Red Hat Enterprise Linux 7 (dhcp)	RHSA-2018:0483	2018-03-12
Red Hat Enterprise Linux 6 (dhcp)	RHSA-2018:0469	2018-03-09

Affected Packages State

Platform	Package	State
Red Hat Enterprise Linux 5	dhcp	Will not fix

Acknowledgements

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.

External References

https://kb.isc.org/article/AA-01565

Last Modified 2018-05-02T12:28:30+00:00

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories