CVE-2017-13704

EPSS 81.76%
Published 03.10.2017 01:29:01
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

Affected products Warnungen 0 Metrics 3 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.04

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version7.1

Debian ≫ Debian Linux Version9.0

Fedoraproject ≫ Fedora Version27

Novell ≫ Leap Version42.2

Novell ≫ Leap Version42.3

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Thekelleys ≫ Dnsmasq Version <= 2.77

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	81.76%	0.991

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://thekelleys.org.uk/dnsmasq/CHANGELOG

Vendor Advisory

Release Notes

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=63437ffbb58837b214b4b92cb1c54bc5f3279928

http://www.securityfocus.com/bid/101085

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/101977

http://www.securitytracker.com/id/1039474

Third Party Advisory

VDB Entry

https://access.redhat.com/security/vulnerabilities/3199382