An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data.

References

bugzilla.redhat.com/show_bug.cgi?id=1495412

security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html https://access.redhat.com/security/vulnerabilities/3199382

ubuntucve 1

alpinelinux 1

debiancve 1

prion 1

exploitpack 1

checkpoint_advisories 1

zdt 1

osv 3

cve 1

veracode 1

packetstorm 1

seebug 1

openvas 22

nessus 29

debian 3

redhat 2

ubuntu 3

arista 1

cert 1

gentoo 1

amazon 2

oraclelinux 1

fedora 3

suse 4

centos 1

archlinux 1

thn 1

freebsd 1

threatpost 1

myhack58 1

ibm 2

f5 1

altlinux 1

huawei 1

slackware 1

mageia 2

photon 1

redhatcve 1

nvidia 1

ubuntucve

CVE-2017-14494

2017-10-02 00:00:00

alpinelinux

CVE-2017-14494

2017-10-03 01:29:00

debiancve

CVE-2017-14494

2017-10-03 01:29:00

prion

Information disclosure

2017-10-03 01:29:00

exploitpack

Dnsmasq 2.78 - Information Leak

2017-10-02 00:00:00

checkpoint_advisories

Dnsmasq DHCPv6 Remote Unauthenticated Information Disclosure (CVE-2017-14494)

2017-10-19 00:00:00

zdt

Dnsmasq < 2.78 - Information Leak Exploit

2017-10-02 00:00:00

osv

CVE-2017-14494

2017-10-03 01:29:02

dnsmasq - security update

2017-10-06 00:00:00

dnsmasq - security update

2017-10-02 00:00:00

cve

CVE-2017-14494

2017-10-03 01:29:00

veracode

Information Disclosure

2019-05-02 06:37:12

packetstorm

Dnsmasq Information Leak

2017-10-02 00:00:00

seebug

Dnsmasq Information Leak(CVE-2017-14494)

2017-10-09 00:00:00

openvas

Debian: Security Advisory (DLA-1124-1)

2018-02-06 00:00:00

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2017-1239)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2017-1240)

2020-01-23 00:00:00

nessus

Debian DLA-1124-1 : dnsmasq security update

2017-10-09 00:00:00

RHEL 7 : dnsmasq (RHSA-2017:2837)

2017-10-03 00:00:00

EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2017-1240)

2017-10-13 00:00:00

debian

[SECURITY] [DLA 1124-1] dnsmasq security update

2017-10-06 14:42:23

[SECURITY] [DSA 3989-1] dnsmasq security update

2017-10-02 18:30:02

[SECURITY] [DSA 3989-1] dnsmasq security update

2017-10-02 18:30:02

redhat

(RHSA-2017:2837) Critical: dnsmasq security update

2017-10-02 13:34:44

(RHSA-2017:2836) Critical: dnsmasq security update

2017-10-02 13:34:30

ubuntu

Dnsmasq vulnerabilities

2017-10-03 00:00:00

Dnsmasq vulnerabilities

2017-10-02 00:00:00

Dnsmasq regression

2018-01-04 00:00:00

arista

Security Advisory 0030

2017-10-02 00:00:00

cert

Dnsmasq contains multiple vulnerabilities

2017-10-02 00:00:00

gentoo

Dnsmasq: Multiple vulnerabilities

2017-10-23 00:00:00

amazon

Critical: dnsmasq

2017-10-02 17:05:00

Critical: dnsmasq

2019-07-18 18:22:00

oraclelinux

dnsmasq security update

2017-10-02 00:00:00

fedora

[SECURITY] Fedora 25 Update: dnsmasq-2.76-4.fc25

2017-10-23 22:52:39

[SECURITY] Fedora 27 Update: dnsmasq-2.77-9.fc27

2017-10-24 05:30:01

[SECURITY] Fedora 26 Update: dnsmasq-2.76-5.fc26

2017-10-06 15:22:33

suse

Security update for dnsmasq (important)

2017-10-03 03:07:14

Security update for dnsmasq (important)

2017-10-02 21:07:18

Security update for dnsmasq (important)

2017-10-02 21:09:17

centos

dnsmasq security update

2017-10-03 00:04:45

archlinux

[ASA-201710-1] dnsmasq: multiple issues

2017-10-02 00:00:00

thn

Google Finds 7 Security Flaws in Widely Used Dnsmasq Network Software

2017-10-02 23:44:00

freebsd

dnsmasq -- multiple vulnerabilities

2017-10-02 00:00:00

threatpost

Google Warns of DoS and RCE Bugs in Dnsmasq

2017-10-03 13:16:06

myhack58

dnsmasq:exposure out of the plurality of levels is quite high vulnerability-vulnerability warning-the black bar safety net

2017-10-10 00:00:00

ibm

Security Bulletin: Multiple security vulnerabilities in dnsmasq affect IBM Cloud Manager with OpenStack

2018-08-08 04:13:55

Security Bulletin: Multiple security vulnerabilities in IBM Cloud Manager with OpenStack affect IBM Cloud Orchestrator and Cloud Orchestrator Enterprise

2018-06-17 22:33:37

K32582354 : Multiple dnsmasq vulnerabilities

2017-10-05 00:00:00

altlinux

Security fix for the ALT Linux 10 package dnsmasq version 2.78-alt1

2017-10-06 00:00:00

huawei

Security Advisory - Seven vulnerabilities in Google Dnsmasq

2017-11-03 00:00:00

slackware

[slackware-security] dnsmasq

2017-10-02 18:43:20

mageia

Updated dnsmasq packages fix security vulnerabilities

2017-10-09 12:51:10

Updated dnsmasq packages fix security vulnerabilities

2017-10-09 12:51:10

photon

Critical Photon OS Security Update - PHSA-2017-0074

2017-10-04 00:00:00

redhatcve

CVE-2017-14491

2020-04-09 10:43:20

nvidia

Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for “BlueBorne” and “Dnsmasq”.

2017-10-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for RH:CVE-2017-14494