CVE-2016-2774

Published: 09 March 2016

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

Priority

Low

CVSS 3 base score: 5.9

Status

Package: isc-dhcp (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (4.3.4)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (4.3.5-3ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (4.3.5-3ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (4.3.5-3ubuntu2)
Ubuntu 16.04 ESM (Xenial Xerus): Released (4.3.3-5ubuntu12.9)
Ubuntu 14.04 ESM (Trusty Tahr): Released (4.2.4-7ubuntu12.12)

Patches:
Upstream: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=0b209ea5cc333255e055113fa2ad636dda681a21