{
  "threat_severity" : "Moderate",
  "public_date" : "2016-03-07T00:00:00Z",
  "bugzilla" : {
    "description" : "dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS",
    "id" : "1315259",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1315259"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.", "A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to exit unexpectedly, stop responding to requests, or exhaust system sockets (denial of service)." ],
  "acknowledgement" : "Red Hat would like to thank ISC for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-03T00:00:00Z",
    "advisory" : "RHSA-2016:2590",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "dhcp-12:4.2.5-47.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "dhcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "dhcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-2774\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2774\nhttps://kb.isc.org/article/AA-01354" ],
  "name" : "CVE-2016-2774",
  "csaw" : false
}