CVE-2017-3144

Publication date 31 December 2017

Last updated 25 August 2025

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

7.5 · High

Score breakdown

Description

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

Read the notes from the security team

Status

Package Ubuntu Release Status
isc-dhcp 21.04 hirsute
Fixed 4.3.5-3ubuntu5
20.10 groovy
Fixed 4.3.5-3ubuntu5
20.04 LTS focal
Fixed 4.3.5-3ubuntu5
19.10 eoan
Fixed 4.3.5-3ubuntu5
19.04 disco
Fixed 4.3.5-3ubuntu5
18.10 cosmic
Fixed 4.3.5-3ubuntu5
18.04 LTS bionic
Fixed 4.3.5-3ubuntu5
17.10 artful
Fixed 4.3.5-3ubuntu2.2
16.04 LTS xenial
Fixed 4.3.3-5ubuntu12.9
14.04 LTS trusty
Fixed 4.2.4-7ubuntu12.12

Notes

mdeslaur

DoS over OMAPI port only, see ISC kb article for workarounds, or properly limit access to ports

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
isc-dhcp

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.5 · High

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities