GCVE - cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*

part: a version: 4.1-esv update: r9_rc1

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Dhcp (`4e92e1a9-a8b0-5696-8d39-7119e87ecd86`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/dhcp`	purl2cpe	2026-06-01 10:15:10.728652

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-5733`	vulnerable	2026-06-08 05:11:51.710844	A malicious client can overflow a reference counter in ISC dhcpd MEDIUM (5.9) A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Published: 2019-01-16T20:00:00.000Z Updated: 2025-04-25T23:02:52.084Z Open on db.gcve.eu Reference links https://kb.isc.org/docs/aa-01567 https://access.redhat.com/errata/RHSA-2018:0469 https://www.debian.org/security/2018/dsa-4133 https://usn.ubuntu.com/3586-2/ https://access.redhat.com/errata/RHSA-2018:0483	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-3144`	vulnerable	2026-06-08 05:09:26.637530	Failure to properly clean up closed OMAPI connections can exhaust available sockets MEDIUM (5.3) A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Published: 2019-01-16T20:00:00.000Z Updated: 2024-09-16T22:46:13.879Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2018:0158 https://www.debian.org/security/2018/dsa-4133 http://www.securityfocus.com/bid/102726 http://www.securitytracker.com/id/1040194 https://usn.ubuntu.com/3586-1/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2774`	vulnerable	2026-06-08 05:07:42.802953	Details available ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. Published: 2016-03-09T15:26:00.000Z Updated: 2024-08-05T23:32:20.980Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2016-2590.html http://www.securitytracker.com/id/1035196 https://kb.isc.org/article/AA-01354 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8605`	vulnerable	2026-06-08 05:07:04.487942	Details available ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. Published: 2016-01-14T22:00:00.000Z Updated: 2024-08-06T08:20:43.591Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1034657 http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ https://kb.isc.org/article/AA-01334 https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.