It was found that omapi code doesn't free socket descriptor if empty message was sent by client, which allows malicious client to use up all available descriptors causing Denial of Service. Upstream patch: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a
Created dhcp tracking bugs for this issue: Affects: fedora-all [bug 1523547]
External References: https://kb.isc.org/article/AA-01541
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0158 https://access.redhat.com/errata/RHSA-2018:0158