[ASA-201803-4] dhcp: denial of service
santiago at archlinux.org
Tue Mar 6 15:29:02 UTC 2018
Arch Linux Security Advisory ASA-201803-4
Date : 2018-03-05
CVE-ID : CVE-2018-5733
Package : dhcp
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-646
The package dhcp before version 4.4.1-1 is vulnerable to denial of
Upgrade to 4.4.1-1.
# pacman -Syu "dhcp>=4.4.1-1"
The problem has been fixed upstream in version 4.4.1.
A denial of service flaw was found in the way dhcpd handled reference
counting when processing client requests. A malicious DHCP client could
use this flaw to trigger a reference count overflow on the server side,
potentially causing dhcpd to crash, by sending large amounts of
A remote attacker is able to crash the dhcpd process by sending large
amounts of traffic.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the arch-security