{
  "threat_severity" : "Moderate",
  "public_date" : "2017-12-07T00:00:00Z",
  "bugzilla" : {
    "description" : "dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service",
    "id" : "1522918",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1522918"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. This issue affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, and 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.", "It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-01-25T00:00:00Z",
    "advisory" : "RHSA-2018:0158",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "dhcp-12:4.2.5-58.el7_4.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "dhcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "dhcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-3144\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3144\nhttps://kb.isc.org/article/AA-01541" ],
  "name" : "CVE-2017-3144",
  "csaw" : false
}