Vulnerability CVE-2017-14493: Information

Description

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-14493
Published: Oct. 3, 2017
Modified: Nov. 7, 2023
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
dnsmasqsisyphus2.78-alt12.90-alt1ALT-PU-2017-2387-1190404Fixed
dnsmasqp102.78-alt12.90-alt1ALT-PU-2017-2387-1190404Fixed
dnsmasqp92.78-alt12.85-alt2.p9.1ALT-PU-2017-2387-1190404Fixed
dnsmasqp82.78-alt0.M80P.12.78-alt0.M80P.1ALT-PU-2017-2399-1190531Fixed
dnsmasqc10f12.78-alt12.90-alt1ALT-PU-2017-2387-1190404Fixed
dnsmasqc9f22.78-alt12.90-alt1ALT-PU-2017-2387-1190404Fixed
dnsmasqc72.72-alt1.M70C.22.72-alt1.M70C.2ALT-PU-2017-2408-1190552Fixed
dnsmasqp112.78-alt12.90-alt1ALT-PU-2017-2387-1190404Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
  • Third Party Advisory
http://thekelleys.org.uk/dnsmasq/CHANGELOG
  • Release Notes
  • Vendor Advisory
1039474
  • Third Party Advisory
  • VDB Entry
42943
  • Exploit
  • Third Party Advisory
  • VDB Entry
101085
  • Third Party Advisory
  • VDB Entry
VU#973527
  • Third Party Advisory
  • US Government Resource
https://access.redhat.com/security/vulnerabilities/3199382
  • Issue Tracking
  • Third Party Advisory
RHSA-2017:2837
  • Patch
  • Third Party Advisory
RHSA-2017:2836
  • Patch
  • Third Party Advisory
USN-3430-2
  • Third Party Advisory
USN-3430-1
  • Third Party Advisory
DSA-3989
  • Third Party Advisory
openSUSE-SU-2017:2633
  • Issue Tracking
  • Mailing List
  • Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
  • Third Party Advisory
GLSA-201710-27
  • Third Party Advisory
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
  • Third Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
    http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=3d4ff1ba8419546490b464418223132529514033
      [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.
        [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.

            1. Configuration 1

              cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
              cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
              cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
              cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
              cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
              cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
              cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
              cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
              cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
              cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
              cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*

              Configuration 2

              cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*
              End including
              2.77
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.3
          Back to top