CVE-2017-14491

 

Published at: - 04-10-2017 03:29

Last modified: - 03-10-2022 08:13

Total changes: - 4

Description

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.-Mailing List, Third Party Advisory
• [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.-Mailing List, Third Party Advisory
• https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
• 1039474-Broken Link
• http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
• http://thekelleys.org.uk/dnsmasq/CHANGELOG
• 42941-Exploit, Third Party Advisory, VDB Entry
• 101085-Broken Link
• VU#973527-Third Party Advisory, US Government Resource
• https://access.redhat.com/security/vulnerabilities/3199382
• RHSA-2017:2841-Third Party Advisory
• RHSA-2017:2840-Third Party Advisory
• RHSA-2017:2839-Third Party Advisory
• RHSA-2017:2838-Third Party Advisory
• RHSA-2017:2837-Third Party Advisory
• RHSA-2017:2836-Third Party Advisory
• USN-3430-2-Third Party Advisory
• USN-3430-1-Third Party Advisory
• DSA-3989-Third Party Advisory
• openSUSE-SU-2017:2633-Mailing List, Third Party Advisory
• http://nvidia.custhelp.com/app/answers/detail/a_id/4561
• GLSA-201710-27-Third Party Advisory
• 101977-Broken Link
• https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
• http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
• https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
• http://nvidia.custhelp.com/app/answers/detail/a_id/4560
• https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/
• USN-3430-3-Third Party Advisory
• FEDORA-2017-24f067299e-Mailing List, Third Party Advisory
• SUSE-SU-2017:2619-Mailing List, Third Party Advisory
• DSA-3989-Third Party Advisory
• SUSE-SU-2017:2617-Mailing List, Third Party Advisory
• FEDORA-2017-515264ae24-Mailing List, Third Party Advisory
• https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449
• http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en
• FEDORA-2017-7106a157f5-Mailing List, Third Party Advisory
• https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30
• SUSE-SU-2017:2616-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2017-14491

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures