CVE-2017-14491

Exploit

EPSS 60.19%
Published 04.10.2017 01:29:02
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Affected products Warnungen 0 Metrics 3 CWE 1 References 43

Data is provided by the National Vulnerability Database (NVD)

Thekelleys ≫ Dnsmasq Version <= 2.77

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.04

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version7.1

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Opensuse ≫ Leap Version42.2

Opensuse ≫ Leap Version42.3

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp3

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp4

Suse ≫ Linux Enterprise Point Of Sale Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwEditionltss

Suse ≫ Linux Enterprise Server Version11 Updatesp4

Suse ≫ Linux Enterprise Server Version12 SwEditionltss

Nvidia ≫ Linux For Tegra Version < r21.6

Nvidia ≫ Jetson Tk1 Version-

Nvidia ≫ Linux For Tegra Version < r24.2.2

Nvidia ≫ Jetson Tx1 Version-

Nvidia ≫ Geforce Experience Version >= 3.0 < 3.10.0.55

Microsoft ≫ Windows Version-

Huawei ≫ Honor V9 Play Firmware Version < jimmy-al00ac00b135

Huawei ≫ Honor V9 Play Version-

Arista ≫ Eos Version <= 4.15

Arista ≫ Eos Version >= 4.16 < 4.16.13m

Arista ≫ Eos Version >= 4.17 < 4.17.8m

Arista ≫ Eos Version >= 4.18 <= 4.18.4.2f

Siemens ≫ Ruggedcom Rm1224 Firmware Version < 5.0

Siemens ≫ Ruggedcom Rm1224 Version-

Siemens ≫ Scalance M-800 Firmware Version < 5.0

Siemens ≫ Scalance M-800 Version-

Siemens ≫ Scalance S615 Firmware Version < 5.0

Siemens ≫ Scalance S615 Version-

Siemens ≫ Scalance W1750d Firmware Version < 6.5.1.5

Siemens ≫ Scalance W1750d Version-

Arubanetworks ≫ Arubaos Version >= 6.3.1 < 6.3.1.25

Arubanetworks ≫ Arubaos Version >= 6.4.4.0 < 6.4.4.16

Arubanetworks ≫ Arubaos Version >= 6.5.0.0 < 6.5.1.9

Arubanetworks ≫ Arubaos Version >= 6.5.3.0 < 6.5.3.3

Arubanetworks ≫ Arubaos Version >= 6.5.4.0 < 6.5.4.2

Arubanetworks ≫ Arubaos Version >= 8.1.0.0 < 8.1.0.4

Synology ≫ Router Manager Version1.1

Synology ≫ Diskstation Manager Version5.2

Synology ≫ Diskstation Manager Version6.0

Synology ≫ Diskstation Manager Version6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	60.19%	0.982

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://thekelleys.org.uk/dnsmasq/CHANGELOG

Vendor Advisory

Release Notes

http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Third Party Advisory

http://www.securityfocus.com/bid/101085

Broken Link

http://www.securityfocus.com/bid/101977

Broken Link

http://www.securitytracker.com/id/1039474

Broken Link

https://access.redhat.com/security/vulnerabilities/3199382

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf

Patch

Third Party Advisory

https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Third Party Advisory

https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html

https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html

https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html

Third Party Advisory

Mailing List

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt

Third Party Advisory

http://www.debian.org/security/2017/dsa-3989

Third Party Advisory

http://www.ubuntu.com/usn/USN-3430-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-3430-2

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2836

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2837

Third Party Advisory

https://security.gentoo.org/glsa/201710-27

Third Party Advisory

https://www.kb.cert.org/vuls/id/973527

Third Party Advisory

US Government Resource

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html

Third Party Advisory

Mailing List

http://nvidia.custhelp.com/app/answers/detail/a_id/4560

Third Party Advisory

http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html

Third Party Advisory

Exploit

VDB Entry

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en

Third Party Advisory

http://www.ubuntu.com/usn/USN-3430-3

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2838

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2839

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2840

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2841

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/

https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30

Third Party Advisory

Mitigation

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449

Third Party Advisory

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/

Third Party Advisory

https://www.debian.org/security/2017/dsa-3989

Third Party Advisory

https://www.exploit-db.com/exploits/42941/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-14491

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14491

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14491

EUVD