CVE-2018-5733

Name: CVE-2018-5733
Creator: NVD / NIST
Published: 2019-01-16T20:29:00.753+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 20.24%

Last modified Jun 17, 2026

CVE-2018-5733 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.. EPSS estimates a 20.24% chance of exploitation in the next 30 days.

Description

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

20.24%

97.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-190

Affected Software

Vendor	Product	Versions
Isc	Dhcp	>= 4.2.0, <= 4.2.8
Isc	Dhcp	>= 4.3.0, <= 4.3.6
Isc	Dhcp	4.1-esv
Isc	Dhcp	4.1.0
Isc	Dhcp	4.4.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.4
Redhat	Enterprise Linux Server Aus	7.6
Redhat	Enterprise Linux Server Eus	7.4
Redhat	Enterprise Linux Server Eus	7.5
Redhat	Enterprise Linux Server Eus	7.6
Redhat	Enterprise Linux Workstation	6.0
Redhat	Enterprise Linux Workstation	7.0
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04
Canonical	Ubuntu Linux	17.10
Debian	Debian Linux	7.0
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0

References

http://www.securityfocus.com/bid/103188Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040437Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:0469Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0483Third Party Advisory
https://kb.isc.org/docs/aa-01567Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00015.htmlThird Party Advisory
https://usn.ubuntu.com/3586-1/Third Party Advisory
https://usn.ubuntu.com/3586-2/Third Party Advisory
https://www.debian.org/security/2018/dsa-4133Third Party Advisory
http://www.securityfocus.com/bid/103188Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040437Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:0469Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0483Third Party Advisory
https://kb.isc.org/docs/aa-01567Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00015.htmlThird Party Advisory
https://security.netapp.com/advisory/ntap-20250425-0010/
https://usn.ubuntu.com/3586-1/Third Party Advisory
https://usn.ubuntu.com/3586-2/Third Party Advisory
https://www.debian.org/security/2018/dsa-4133Third Party Advisory

Timeline

Published: Jan 16, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-5733?

How severe is CVE-2018-5733?

CVE-2018-5733 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 20.24% probability of exploitation in the next 30 days.

How do I fix CVE-2018-5733?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-5733?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST