Lucene search

K

GoogleOSV:CVE-2017-14494

HistoryOct 03, 2017 - 1:29 a.m.

CVE-2017-14494

2017-10-0301:29:02

Google

osv.dev

10

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.017 Low

EPSS

Percentile

87.3%

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

CPENameOperatorVersion
dnsmasqeq2.64rc2
dnsmasqeq2.65test1
dnsmasqeq2.66-r2
dnsmasqeq2.67test7
dnsmasqeq2.6
dnsmasqeq2.67test2
dnsmasqeq2.62test1
dnsmasqeq2.66test16
dnsmasqeq2.66test4
dnsmasqeq2.69test4

Rows per page:

1-10 of 3031

References

lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html

nvidia.custhelp.com/app/answers/detail/a_id/4561

thekelleys.org.uk/dnsmasq/CHANGELOG

thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=33e3f1029c9ec6c63e430ff51063a6301d4b2262

www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt

www.debian.org/security/2017/dsa-3989

www.securityfocus.com/bid/101085

www.securitytracker.com/id/1039474

www.ubuntu.com/usn/USN-3430-1

www.ubuntu.com/usn/USN-3430-2

access.redhat.com/errata/RHSA-2017:2836

access.redhat.com/errata/RHSA-2017:2837

access.redhat.com/security/vulnerabilities/3199382

security.gentoo.org/glsa/201710-27

security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

www.exploit-db.com/exploits/42944/

www.kb.cert.org/vuls/id/973527

www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html

www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html

www.synology.com/support/security/Synology_SA_17_59_Dnsmasq

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.017 Low

EPSS

Percentile

87.3%