9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.923 High
EPSS
Percentile
98.9%
Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities.
Multiple vulnerabilities have been reported in dnsmasq.
CWE-122: Heap-based Buffer Overflow - CVE-2017-14491
CWE-122: Heap-based Buffer Overflow - CVE-2017-14492
CWE-121: Stack-based Buffer Overflow - CVE-2017-14493
CWE-200: Information Exposure - CVE-2017-14494
CWE-400: Uncontrolled Resource Consumption(‘Resource Exhaustion’) - CVE-2017-14495
CWE-191: Integer Underflow - CVE-2017-14496
Please see the Google Security blog post for additional information.
Dnsmasq is a widely used piece of open-source software. These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution, information exposure, and denial of service. In some cases an attacker would need to induce one or more DNS requests.
Apply an Update
dnsmasq version 2.78 has been released to address these vulnerabilities.
973527
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: September 25, 2017 Updated: February 02, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: October 18, 2017
Statement Date: October 18, 2017
Affected
We issued a security bulletin through the FIRST mailing list.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 25, 2017 Updated: February 02, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 25, 2017 Updated: October 02, 2017
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 25, 2017 Updated: February 02, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 26, 2017 Updated: September 26, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
Notified: September 25, 2017 Updated: September 25, 2017
Unknown
We have not received a statement from the vendor.
View all 101 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 8.7 | E:H/RL:OF/RC:C |
Environmental | 8.7 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team for reporting this vulnerability.
This document was written by Trent Novelly.
CVE IDs: | CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496 |
---|---|
Date Public: | 2017-10-02 Date First Published: |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.923 High
EPSS
Percentile
98.9%