A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.

References

bugzilla.redhat.com/show_bug.cgi?id=1495415

security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html https://access.redhat.com/security/vulnerabilities/3199382

checkpoint_advisories 1

veracode 1

alpinelinux 1

osv 1

debiancve 1

exploitpack 1

prion 1

packetstorm 1

ubuntucve 1

zdt 1

seebug 1

cve 1

exploitdb 1

nessus 26

ics 1

openvas 18

debian 2

arista 1

ubuntu 3

cert 1

suse 4

centos 1

amazon 2

gentoo 1

fedora 3

oraclelinux 1

redhat 1

archlinux 1

threatpost 1

mageia 2

thn 1

freebsd 1

myhack58 1

ibm 2

f5 1

altlinux 1

huawei 1

slackware 1

photon 1

redhatcve 1

nvidia 1

checkpoint_advisories

Dnsmasq Lack of Free Denial of Service (CVE-2017-14495)

2017-10-03 00:00:00

veracode

Denial Of Service (DoS)

2019-05-16 01:47:46

alpinelinux

CVE-2017-14495

2017-10-03 01:29:00

osv

CVE-2017-14495

2017-10-03 01:29:02

debiancve

CVE-2017-14495

2017-10-03 01:29:00

exploitpack

Dnsmasq 2.78 - Lack of free() Denial of Service

2017-10-02 00:00:00

prion

Memory corruption

2017-10-03 01:29:00

packetstorm

Dnsmasq Lack Of Free() Denial Of Service

2017-10-02 00:00:00

ubuntucve

CVE-2017-14495

2017-10-02 00:00:00

zdt

Dnsmasq < 2.78 - Lack of free() Denial of Service Exploit

2017-10-02 00:00:00

seebug

Dnsmasq DoS Vulnerability(CVE-2017-14495)

2017-10-09 00:00:00

cve

CVE-2017-14495

2017-10-03 01:29:00

exploitdb

Dnsmasq < 2.78 - Lack of free() Denial of Service

2017-10-02 00:00:00

nessus

EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2018-1285)

2018-09-27 00:00:00

Photon OS 1.0: Dnsmasq PHSA-2017-0035

2019-02-07 00:00:00

Oracle Linux 7 : dnsmasq (ELSA-2017-2836)

2017-10-03 00:00:00

ics

Siemens SCALANCE W1750D, M800, S615, and RUGGEDCOM RM1224 (Update C)

2020-10-13 12:00:00

openvas

openSUSE: Security Advisory for dnsmasq (openSUSE-SU-2017:2633-1)

2017-10-05 00:00:00

CentOS Update for dnsmasq CESA-2017:2836 centos7

2017-10-05 00:00:00

Ubuntu: Security Advisory (USN-3430-3)

2022-08-26 00:00:00

debian

[SECURITY] [DSA 3989-1] dnsmasq security update

2017-10-02 18:30:19

[SECURITY] [DSA 3989-1] dnsmasq security update

2017-10-02 18:30:02

arista

Security Advisory 0030

2017-10-02 00:00:00

ubuntu

Dnsmasq vulnerabilities

2017-10-03 00:00:00

Dnsmasq vulnerabilities

2017-10-02 00:00:00

Dnsmasq regression

2018-01-04 00:00:00

cert

Dnsmasq contains multiple vulnerabilities

2017-10-02 00:00:00

suse

Security update for dnsmasq (important)

2017-10-03 03:07:14

Security update for dnsmasq (important)

2017-10-02 21:07:18

Security update for dnsmasq (important)

2017-10-02 21:09:17

centos

dnsmasq security update

2017-10-03 00:04:45

amazon

Critical: dnsmasq

2017-10-02 17:05:00

Critical: dnsmasq

2019-07-18 18:22:00

gentoo

Dnsmasq: Multiple vulnerabilities

2017-10-23 00:00:00

fedora

[SECURITY] Fedora 25 Update: dnsmasq-2.76-4.fc25

2017-10-23 22:52:39

[SECURITY] Fedora 27 Update: dnsmasq-2.77-9.fc27

2017-10-24 05:30:01

[SECURITY] Fedora 26 Update: dnsmasq-2.76-5.fc26

2017-10-06 15:22:33

oraclelinux

dnsmasq security update

2017-10-02 00:00:00

redhat

(RHSA-2017:2836) Critical: dnsmasq security update

2017-10-02 13:34:30

archlinux

[ASA-201710-1] dnsmasq: multiple issues

2017-10-02 00:00:00

threatpost

Google Warns of DoS and RCE Bugs in Dnsmasq

2017-10-03 13:16:06

mageia

Updated dnsmasq packages fix security vulnerabilities

2017-10-09 12:51:10

Updated dnsmasq packages fix security vulnerabilities

2017-10-09 12:51:10

thn

Google Finds 7 Security Flaws in Widely Used Dnsmasq Network Software

2017-10-02 23:44:00

freebsd

dnsmasq -- multiple vulnerabilities

2017-10-02 00:00:00

myhack58

dnsmasq:exposure out of the plurality of levels is quite high vulnerability-vulnerability warning-the black bar safety net

2017-10-10 00:00:00

ibm

Security Bulletin: Multiple security vulnerabilities in dnsmasq affect IBM Cloud Manager with OpenStack

2018-08-08 04:13:55

Security Bulletin: Multiple security vulnerabilities in IBM Cloud Manager with OpenStack affect IBM Cloud Orchestrator and Cloud Orchestrator Enterprise

2018-06-17 22:33:37

K32582354 : Multiple dnsmasq vulnerabilities

2017-10-05 00:00:00

altlinux

Security fix for the ALT Linux 10 package dnsmasq version 2.78-alt1

2017-10-06 00:00:00

huawei

Security Advisory - Seven vulnerabilities in Google Dnsmasq

2017-11-03 00:00:00

slackware

[slackware-security] dnsmasq

2017-10-02 18:43:20

photon

Critical Photon OS Security Update - PHSA-2017-0074

2017-10-04 00:00:00

redhatcve

CVE-2017-14491

2020-04-09 10:43:20

nvidia

Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for “BlueBorne” and “Dnsmasq”.

2017-10-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for RH:CVE-2017-14495