CVE-2017-3144

high-risk

Published 2019-01-16

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

Do I need to act?

17.6% chance of exploitation in next 30 days

EPSS score — higher than 82% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Dhcp

Affected Vendors

Debian Redhat Isc Canonical

References (12)

Third Party Advisory http://www.securityfocus.com/bid/102726

Third Party Advisory http://www.securitytracker.com/id/1040194

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0158

Vendor Advisory https://kb.isc.org/docs/aa-01541

Third Party Advisory https://usn.ubuntu.com/3586-1/

Third Party Advisory https://www.debian.org/security/2018/dsa-4133

Third Party Advisory http://www.securityfocus.com/bid/102726

Third Party Advisory http://www.securitytracker.com/id/1040194

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0158

Vendor Advisory https://kb.isc.org/docs/aa-01541

Third Party Advisory https://usn.ubuntu.com/3586-1/

Third Party Advisory https://www.debian.org/security/2018/dsa-4133

/ 100

high-risk

Severity 26/34 · High

Exploitability 13/34 · Low

Exposure 26/34 · High