cve/2018/CVE-2018-5732.md

2024-05-26 14:27:05 +02:00
### [CVE-2018-5732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732)
![](https://img.shields.io/static/v1?label=Product&message=ISC%20DHCP&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=ISC%20DHCP4.1.0%20-%3E%204.1-ESV-R15%2C%204.2.0%20-%3E%204.2.8%2C%204.3.0%20-%3E%204.3.6%2C%204.4.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Affected%20versions%20of%20dhclient%20should%20crash%20due%20to%20an%20out-of-bounds%20memory%20access%20if%20they%20receive%20and%20process%20a%20triggering%20response%20packet.%20However%2C%20buffer%20overflow%20outcomes%20can%20vary%20by%20operating%20system%2C%20and%20outcomes%20such%20as%20remote%20code%20execution%20may%20be%20possible%20in%20some%20circumstances.%20Where%20they%20are%20present%2C%20operating%20system%20mitigation%20strategies%20such%20as%20address%20space%20layout%20randomization%20(ASLR)%20should%20make%20it%20difficult%20to%20leverage%20this%20vulnerability%20to%20achieve%20remote%20code%20execution%2C%20but%20we%20cannot%20rule%20it%20out%20as%20impossible.%20The%20safest%20course%20is%20to%20patch%20dhclient%20so%20that%20the%20buffer%20overflow%20cannot%20occur.&color=brighgreen)
### Description
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fbreton/lacework