CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

Published: Jan 16, 2019
Updated: Apr 13, 2023
CVE: CVE-2017-3144
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
isc / dhcp	4.1-esv-r3_b1	4.1-esv-r3_b1.x
isc / dhcp	4.1-esv-r3	4.1-esv-r3.x
isc / dhcp	4.1-esv-r5_rc2	4.1-esv-r5_rc2.x
isc / dhcp	4.1.0	4.1.0.x
isc / dhcp	4.1-esv-r12	4.1-esv-r12.x
isc / dhcp	4.1-esv-r2	4.1-esv-r2.x
isc / dhcp	4.1-esv-r11_rc1	4.1-esv-r11_rc1.x
isc / dhcp	4.1-esv-r11_b1	4.1-esv-r11_b1.x
isc / dhcp	4.1-esv-r8_rc1	4.1-esv-r8_rc1.x
isc / dhcp	4.1-esv-r8	4.1-esv-r8.x
isc / dhcp	4.1-esv-r9_rc1	4.1-esv-r9_rc1.x
isc / dhcp	4.1-esv-r10_b1	4.1-esv-r10_b1.x
isc / dhcp	4.1-esv-r9_b1	4.1-esv-r9_b1.x
isc / dhcp	4.1-esv-r5_rc1	4.1-esv-r5_rc1.x
isc / dhcp	4.1-esv-r10	4.1-esv-r10.x
isc / dhcp	4.1-esv-r12_b1	4.1-esv-r12_b1.x
isc / dhcp	4.1-esv-r11_rc2	4.1-esv-r11_rc2.x
isc / dhcp	4.1-esv-r1	4.1-esv-r1.x
isc / dhcp	4.1-esv-r5	4.1-esv-r5.x
isc / dhcp	4.1-esv-r8_b1	4.1-esv-r8_b1.x
isc / dhcp	4.1-esv-r5_b1	4.1-esv-r5_b1.x
isc / dhcp	4.1-esv-r9	4.1-esv-r9.x
isc / dhcp	4.1-esv-r4	4.1-esv-r4.x
isc / dhcp	4.1-esv-r6	4.1-esv-r6.x
isc / dhcp	4.1-esv-r7	4.1-esv-r7.x
isc / dhcp	4.1-esv-r10_rc1	4.1-esv-r10_rc1.x
isc / dhcp	4.1-esv-r11	4.1-esv-r11.x
isc / dhcp	4.1-esv-r12_p1	4.1-esv-r12_p1.x
isc / dhcp	4.1-esv-r13	4.1-esv-r13.x
isc / dhcp	4.1-esv-r13_b1	4.1-esv-r13_b1.x
isc / dhcp	4.1-esv-r14	4.1-esv-r14.x
isc / dhcp	4.1-esv-r14_b1	4.1-esv-r14_b1.x
isc / dhcp	4.1-esv-r15	4.1-esv-r15.x
isc / dhcp	4.2.0	4.2.8.x
isc / dhcp	4.3.0	4.3.6.x
isc / dhcp	4.1-esv	4.1-esv.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.4	7.4.x
redhat / enterprise_linux_server_tus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.5	7.5.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_eus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	17.10	17.10.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x

Vulnerability Database

289,599

CVE-2017-3144