| Name | CVE-2018-5732 |
| Description | Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0 |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-1313-1, DSA-4133-1 |
| Debian Bugs | 891786 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| isc-dhcp (PTS) | jessie, jessie (lts) | 4.3.1-6+deb8u6 | fixed |
| stretch (security) | 4.3.5-3+deb9u2 | fixed | |
| stretch (lts), stretch | 4.3.5-3+deb9u3 | fixed | |
| buster (security), buster, buster (lts) | 4.4.1-2+deb10u3 | fixed | |
| bullseye | 4.4.1-2.3+deb11u2 | fixed | |
| bullseye (security) | 4.4.1-2.3+deb11u1 | fixed | |
| bookworm | 4.4.3-P1-2 | fixed | |
| sid, trixie | 4.4.3-P1-5 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| isc-dhcp | source | wheezy | 4.2.2.dfsg.1-5+deb70u9 | DLA-1313-1 | ||
| isc-dhcp | source | jessie | 4.3.1-6+deb8u3 | DSA-4133-1 | ||
| isc-dhcp | source | stretch | 4.3.5-3+deb9u1 | DSA-4133-1 | ||
| isc-dhcp | source | (unstable) | 4.3.5-3.1 | 891786 |
https://kb.isc.org/article/AA-01565/75/CVE-2018-5732
https://bugs.isc.org/Public/Bug/Display.html?id=47139
https://gitlab.isc.org/isc-projects/dhcp/-/commit/c5931725b48b121d232df4ba9e45bc41e0ba114d (4.4.1)
Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3